An Interest In:
Web News this Week
- March 24, 2024
- March 23, 2024
- March 22, 2024
- March 21, 2024
- March 20, 2024
- March 19, 2024
- March 18, 2024
Some of Our Sources
- Technology Review
- Pearsonified
- The Logo Smith
- Smashing Magazine
- Fuel Your Creativity
- Web Designer Depot
- Web Design Ledger
- Specky Boy
- CSS Tricks
- Dev To
Help Webnuz
Referal links:
October 24, 2018 12:10 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/YgJWVseKuWY/an-isp-left-corporate-passwords-keys-and-all-its-data-exposed-on-the-internet
An ISP Left Corporate Passwords, Keys, and All Its Data Exposed On the Internet
Security researchers at UpGuard discovered that a Washington-based ISP called Pocket iNet left 73 gigabytes of essential operational data publicly exposed in a misconfigured Amazon S3 storage bucket for months. "Said bucket, named 'pinapp2,' contained the 'keys to the kingdom,' according to the security firm, including internal network diagramming, network hardware configuration photos, details and inventory lists -- as well as lists of plain text passwords and AWS secret keys for Pocket iNet employees," reports Motherboard. From the report: Upguard says the firm contacted Pocket iNet on October 11 of this year, the same day the exposed bucket was discovered, but the ISP took an additional week before the data was adequately secured. "Seven days passed before Pocket iNet finally secured the exposure," noted the firm. "Due to the severity of this exposure, UpGuard expended significant effort during those seven days, repeatedly contacting Pocket iNet and relevant regulators, including using contact information found within the exposed dataset." According to UpGuard, the list of plain text passwords was particularly problematic, given it provided root admin access to the ISP's firewalls, core routers and switches, servers, and wireless access points. "Documents containing long lists of administrative passwords may be convenient for operations, but they create single points of total risk, where the compromise of one document can have severe and extensive effects throughout the entire business," noted UpGuard. "If such documents must exist, they should be strongly encrypted and stored in a known secure location," said the firm. "Unfortunately, a single folder of PocketiNet's network operation historical data (non-customer) was publicly accessible to Amazon administrative users," the ISP said in a statement to Motherboard. "It has since been secured."Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/YgJWVseKuWY/an-isp-left-corporate-passwords-keys-and-all-its-data-exposed-on-the-internet
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot