Jul 6, 2013


 

abney and associates hong kong reviews

 

Many poorly-secured company servers are exposed online, offering attackers ready-made backdoors to wipe or steal data.

 

A security researcher who (gently) probed every computer on the Internet to discover hundreds of thousands of unsecured systems (see “When One Man Pinged the Whole Internet”) has now repeated the exercise to find hundreds of thousands of servers that could be trivially taken over by an attacker.

 

HD Moore, chief research officer at Rapid7, did a fresh scan of the Internet after hearing about vulnerabilities in a standard component of servers that allows them to be monitored and controlled remotely. Independent researcher Dan Farmer recently showed that flaws in the design of many Baseboard Management Controllers (BMCs) mean they could all too easily provide unauthorized access and control.

 

Moore’s scan found 308,000 BMCs that used the problem protocol identified by Farmer. A total of 53,000 of them were configured in a way that allows access without a password; 195,000 stored passwords and other credentials unencrypted; 99,000 exposed encoded passwords that could be cracked by an attacker (Moore says that he unscrambled 10 percent in a preliminary test); 35,000 had vulnerabilities in the Universal Plug and Play protocol that Moore’s previous Internet scan highlighted.

 

Moore explains the consequences of what he found like this in an FAQ document:

 

“An attacker that is able to compromise a BMC should be able to compromise its parent server. Once access to the server is gained, the attacker could copy data from any attached storage, make changes to the operating system, install a permanent backdoor, capture credentials passing through the server, launch a denial of service attack, or simply wipe the hard drives.”

 

The information released by the researchers doesn’t reveal anything about what types of organizations are at risk, but the numbers make it clear that the problem is widespread. Moore told Wired that “essentially every modern company and government on the planet” relies on the flawed BMC protocol examined in his study.

 

These new results underline what Moore told us earlier this year, when speaking about his initial project to ping the entire Internet. Most public attention and industry effort is focused on the security of the computers on people’s desks, but it seems too common for powerful, core parts of IT systems to be exposed online.

Posted: Saturday July 6, 2013, 6:34 pm

Comments

Brent Lardness (0)
Saturday July 6, 2013, 8:24 pm
Hi to every single one, it’s truly good for me to visit this web page. It includes helpful information, more especially as my focus of study is about the internet, and this internet technology article was really a great help for a student like me. Thanks

Author

Hansel M.