Students discover overwhelming number of MongoDBs without access control, including a French telecoms database with 8 million customer phone numbers and addresses.
NoSQL? More like NoSecurity, amirite folks?
I'll get my coat.
|
Geez...Wouldn't that be common sense for any db admin??!!
H.B.
|
OMG!!! I think common sense is not so common any more..
|
I can't see how that's the fault of MongoDB - all you need is to fire some DB admins around the world...
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
If they're using Mongo they probably already fired all DB Admins. And that's the root of the problem.
|
I remember back in the dark ages a similar story about how many Oracle systems still had scott/tiger enabled with admin rights. It is the same thing with MongoDB. I like Mongo and I use it, but if you are such a numpty as to put your DB on da webs and not tie down access to it then you deserve every piece of data that gets stolen.
veni bibi saltavi
|
Sadly though, it is our data which is likely to be stolen.
"If you don't fail at least 90 percent of the time, you're not aiming high enough."
Alan Kay.
|
Quote: telecoms database with 8 million customer phone numbers and addresses
I remember when that sort of highly secret information was only available in book form...and was left on your doorstep.
|
There's an awesome Defcon talk on this called Mass Scanning the Internet.
Basically if you know the port a particular service runs on, you can use a tool called masscan to scan the entire internet for it in ten minutes (if your internet is fast enough). Then write a script to loop through each result and try to log in with default credentials and bam! Security Alert!
|
As agile practices, Continuous Integration and other new methodologies come into development environments, organizations have come to realize they need to change the way they test software.
They only test in sprints until they find three bugs
|
The only way to stop finding bugs is to stop looking.
If your actions inspire others to dream more, learn more, do more and become more, you are a leader. -John Q. Adams
You must accept one of two basic premises: Either we are alone in the universe, or we are not alone in the universe. And either way, the implications are staggering. -Wernher von Braun
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. -Albert Einstein
|
Kent Sharkey wrote: test software
What's that?
modified 13-Feb-15 10:47am.
|
There's no right answer to "What technology should I learn next?" But there is a way to manage your skills to maximize the return you get from them.
I don't have a skills portfolio, it's more like a skills junk drawer
|
According to Nature, scientists are honing in on methods to reassemble scattered light that passes through opaque objects to create a usable image on the other side, Superman-style.
Does it involve cardboard glasses?
|
Kent Sharkey wrote: light that passes through opaque
This must be some new definition of "opaque" that I wasn't previously aware of.
|
I tell you that with less than 40 keV of X-Ray you'd hardly pass through an olive, only to see a gray stain on the other side.
No supaman style X-Ray vision I guess... since there's no way it could work anyway, with the generator and the detector on the same side you discard at least 90% of the radiation, and the remaining 10% must travel twice the distance between generator and object further reducing the power of the x-rays received by a factor of 4.
Geek code v 3.12
GCS d--- s-/++ a- C++++ U+++ P- L- E-- W++ N++ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t++ 5? X R++ tv-- b+ DI+++ D++ G e++>+++ h--- r++>+++ y+++*
Weapons extension: ma- k++ F+2 X
|
That does not matter.
What matters is that someone thinks it is innovative, sexy and worth the investment. There's more money on the planet than common sense.
Bastard Programmer from Hell
If you can't read my code, try converting it here
|
I TOTALLY agree with you.
Also, the path of research is a twisted one - you may end up discovering (or creating) something of the uttermost importance in the task of searching for something completely different.
In this case for example the research could lead to better or cheaper X-ray scintillators, which is something needed in the XR detection industry.
Geek code v 3.12
GCS d--- s-/++ a- C++++ U+++ P- L- E-- W++ N++ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t++ 5? X R++ tv-- b+ DI+++ D++ G e++>+++ h--- r++>+++ y+++*
Weapons extension: ma- k++ F+2 X
|
Data breaches were up 49 percent from 2013.
Good job folks. Let's go for 2 this year!
|
In a post titled "The Road to Windows 10", found on Microsoft's JobsBlog, software engineers, program managers, engineering leads, media teams and a myriad of other vital Windows 10 contributors have their daily routines documented.
It's cleaned up: they removed the flaming ninjas
|
Ninja?... Ninja?....
THIS....
IS....
SPARTA(N)
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.