abney and associates hong kong reviews
Many poorly-secured company servers are exposed online, offering attackers ready-made backdoors to wipe or steal data.
A security researcher who (gently) probed every computer on the Internet to discover hundreds of thousands of unsecured systems (see “When One Man Pinged the Whole Internet”) has now repeated the exercise to find hundreds of thousands of servers that could be trivially taken over by an attacker.
HD Moore, chief research officer at Rapid7, did a fresh scan of the Internet after hearing about vulnerabilities in a standard server component that allows servers to be monitored and controlled remotely. Independent researcher Dan Farmer recently showed that flaws in the design of many Baseboard Management Controllers (BMCs) mean they could all too easily provide unauthorized access and control.
Moore’s scan found 308,000 BMCs that used the problematic protocol identified by Farmer. A total of 53,000 of them were configured in a way that allows access without a password; 195,000 stored passwords and other credentials unencrypted; 99,000 exposed encoded passwords that could be cracked by an attacker (Moore says that he unscrambled 10 percent in a preliminary test); and 35,000 had vulnerabilities in the Universal Plug and Play protocol that Moore’s previous Internet scan highlighted.
Moore explains the consequences of what he found like this in an FAQ document:

“An attacker that is able to compromise a BMC should be able to compromise its parent server. Once access to the server is gained, the attacker could copy data from any attached storage, make changes to the operating system, install a permanent backdoor, capture credentials passing through the server, launch a denial of service attack, or simply wipe the hard drives.”
The information released by the researchers doesn’t reveal anything about what types of organizations are at risk, but the numbers make it clear that the problem is widespread. Moore told Wired that “essentially every modern company and government on the planet” relies on the flawed BMC protocol examined in his study.
These new results underline what Moore told us earlier this year, when speaking about his initial project to ping the entire Internet. Most public attention and industry effort is focused on the security of the computers on people’s desks, but it seems to be common for powerful, core parts of IT systems to be exposed online.
1 comment:

Hi there, I read your blogs on a regular basis. Your humoristic style is witty, keep it up! You manage to make a serious topic like internet technology an enjoyable topic to read. Impressive.