Many businesses and organizations use various technologies to optimize the performance of their websites and databases, but in many cases the security is forgotten, allowing large amounts of data over the Internet accessible to everyone.
Researchers from Binary Edge investigated through technologies, namely Redis, MongoDB, Memcache and ElasticSearch. Redis is a caching solution which can be used as a database server, or may help to improve the performance of databases.The researchers found more than 35,000 installations of Redis which were accessible without authentication. This enabled them approaching 17 terabytes of data. We also found that many older versions of the software were used.
A similar picture emerges MongoDB, popular database software used by all kinds of services and websites. In this case, the researchers were 39,000 databases without authentication approach and the total went to 619 terabytes of data. And again there are many outdated and unpatched versions of the software in circulation.
The third technology that was studied is memcached, a popular caching system that stores information in the server's memory so it can be retrieved quickly. More than 118,000 installations of Memcached were approachable, which allows access to more than 11 terabytes could be obtained. If this had been searching software ElasticSearch scrutinized. This yielded 9,000 open systems and 531 terabytes of data.
Wrestle
The four technologies appeared together 1.1 petabytes of exposing data. It also showed that many of the facilities were outdated. This not only ran in some cases, data risk, but also the server on which the software is installed. According to researchers, companies still struggle with the deployment of these technologies, which are not safe from himself. The problems with the misconfigured systems were found in both small and large companies. The researchers are now working on a system that will warn all companies involved.
No comments:
Post a Comment