[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So onto the news:
Administrators Continue to Fail in Securing Databases by Using Proper Configs
Security experts at BinaryEdge have analyzed how developers and system administrators configured different technologies and have found out that most of them fail to change the default configuration, which leaves their servers open to outside intrusions.
The same kind of research was also carried out in the past by a group of students who found 40,000 MongoDB databases exposed to Internet connections, and by John Matherly, founder of Shodan.io, who found 600 terabytes of data exposed in 30,000 MongoDB instances, only four months later.
Only four technologies were included in their study, which revealed 1,175 terabytes of information. The technologies in question are Redis, MongoDB, Memcached, and ElasticSearch, all suffering from the same issue – using the default configuration which does not block connections from untrusted external actors.
As the researchers conclude, besides the exposed data, they've also found that most of the exposed server instances are running older versions of the technology in question, which in some cases, besides leaving the data out in the open, also exposes the entire server to more serious security issues.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b3a0491895&e=20056c7556
Apple OS X hit by new zero-day
Proof of concept released without notifying Apple.
Italian student Luca Todesco posted details of the "tpwn" vulnerability, with source code for an exploit, in a GitHub repository, and said he did not contact Apple prior to the publication of the vulnerability.
Todesco’s exploit uses multiple attacks, one of which targets Apple’s IOKit hardware device driver platform. It could be used by attackers to gain full, system-wide root access to victims’ machines, in order to control them or to plant malware.
The DYLD privilege escalation vulnerability discovered last month by researcher Stefan Esser – who also published details of the flaw without first notifying Apple – was quickly exploited by attackers seeking to plant adware and junkware on users’ Macs.
OS X 10.10.5 remains vulnerable to the new flaw discovered by Todesco, who said the vulnerability is patched in the latest "El Capitan" 10.11 version of the operating system.
Todesco also released an unofficial fix, NULLGUARD, which renders his own tpwn and similar NULL pointer dereference bugs unexploitable by preventing the execution of binary files that lack a __PAGEZERO segment.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=3d82246b11&e=20056c7556
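For defenders who want to see what "lacking a __PAGEZERO segment" means on disk, here is an added example (not NULLGUARD's code and not from the original newsletter) that parses a thin little-endian Mach-O header and reports the size of the __PAGEZERO mapping at address 0. The function names and the header-only sample files are constructed for illustration; fat binaries are assumed to be out of scope.

```python
import struct

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF  # thin, little-endian Mach-O
LC_SEGMENT, LC_SEGMENT_64 = 0x1, 0x19
MH_EXECUTE = 0x2

def pagezero_size(data: bytes) -> int:
    """Size of the __PAGEZERO segment mapped at address 0, or 0 if there is none."""
    if len(data) < 28:
        raise ValueError("too short for a Mach-O header")
    magic, _cpu, _sub, filetype, ncmds, _size = struct.unpack_from("<6I", data, 0)
    if magic == MH_MAGIC_64:
        off, seg_cmd, fmt = 32, LC_SEGMENT_64, "<16sQQ"
    elif magic == MH_MAGIC:
        off, seg_cmd, fmt = 28, LC_SEGMENT, "<16sII"
    else:
        raise ValueError("fat or big-endian files are not handled here")
    if filetype != MH_EXECUTE:
        raise ValueError("only main executables are expected to have __PAGEZERO")
    for _ in range(ncmds):
        if off + 8 > len(data):
            raise ValueError("truncated load commands")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > len(data):
            raise ValueError("bad load command size")
        if cmd == seg_cmd and cmdsize >= 8 + struct.calcsize(fmt):
            name, vmaddr, vmsize = struct.unpack_from(fmt, data, off + 8)
            if name.rstrip(b"\0") == b"__PAGEZERO" and vmaddr == 0:
                return vmsize  # 0 means the segment exists but reserves nothing
        off += cmdsize
    return 0

def build_sample(bits: int, segments) -> bytes:
    """Constructed header-only Mach-O; segments = [(name, vmaddr, vmsize), ...]."""
    fmt = "<II16s4" + ("Q" if bits == 64 else "I") + "4I"
    cmd = LC_SEGMENT_64 if bits == 64 else LC_SEGMENT
    cmds = b"".join(struct.pack(fmt, cmd, struct.calcsize(fmt), n, a, s, 0, 0, 0, 0, 0, 0)
                    for n, a, s in segments)
    if bits == 64:
        hdr = struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, MH_EXECUTE,
                          len(segments), len(cmds), 0, 0)
    else:
        hdr = struct.pack("<7I", MH_MAGIC, 7, 3, MH_EXECUTE, len(segments), len(cmds), 0)
    return hdr + cmds

if __name__ == "__main__":
    guarded = build_sample(64, [(b"__PAGEZERO", 0, 1 << 32), (b"__TEXT", 1 << 32, 0x1000)])
    unguarded = build_sample(32, [(b"__TEXT", 0, 0x1000)])  # nothing reserves address 0
    for label, blob in (("guarded", guarded), ("unguarded", unguarded)):
        print(label, "pagezero bytes:", pagezero_size(blob))
```

A result of 0 for a main executable means address 0 is not reserved by the binary, which is the property the newsletter says NULLGUARD refuses to run.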
============================================================
Feedback, questions? Our mailing address is: dailynews@paulgdavis.com