Nostalgic Hacks now backed up with research
So over the last couple of years we've found several of these in audits we've done. I remember warning Nate at Weber, when I found the exposed MongoDB and gained access, that those things need to be secured and watched as they are new tech that nobody is thinking about securing yet. He rolled his eyes a bit. Then the memcached dump there as well (Jake's find?). Looks like we finally have some legit research to point our reports at now when we find those things on an audit: http://blog.binaryedge.io/2015/08/10/data-technologies-and-security-part-1/
I want to compile all the news stories about the Utah schools that have dealt with students keylogging and gaining access for fraud and grade changing activities as well, to compile into the report so we can show the physical attacks are real world as well and threaten the data integrity of the institutions records or worse. So if you have some good links about that, put those out there on this thread as well, please.
Ha ha I just found two of them the other day.
http://vulnerabledisclosures.blogspot.com/
From: <ushe-assess-bounces@lists.dixie.edumailto:ushe-assess-bounces@lists.dixie.edu> on behalf of Chuck Kimber <chuck.kimber@usu.edumailto:chuck.kimber@usu.edu> Date: ThursdayAugust-2015-13 at 4:25 PM To: "ushe-assess@lists.dixie.edumailto:ushe-assess@lists.dixie.edu" <ushe-assess@lists.dixie.edumailto:ushe-assess@lists.dixie.edu> Subject: [USHE-assess] Nostalgic Hacks now backed up with research
So over the last couple of years we've found several of these in audits we've done. I remember warning Nate at Weber, when I found the exposed MongoDB and gained access, that those things need to be secured and watched as they are new tech that nobody is thinking about securing yet. He rolled his eyes a bit. Then the memcached dump there as well (Jake's find?). Looks like we finally have some legit research to point our reports at now when we find those things on an audit: http://blog.binaryedge.io/2015/08/10/data-technologies-and-security-part-1/
I want to compile all the news stories about the Utah schools that have dealt with students keylogging and gaining access for fraud and grade changing activities as well, to compile into the report so we can show the physical attacks are real world as well and threaten the data integrity of the institutions records or worse. So if you have some good links about that, put those out there on this thread as well, please.
participants (2)
-
Chuck Kimber -
Dustin Udy