A Romanian researcher, Radu Drăgușin, found that
100,000 usernames and passwords of the Institute of Electrical and
Electronics Engineers (IEEE) were stored in plaintext on
a publicly accessible FTP server.
According to him, on Sept. 18 he first discovered a log with
usernames and passwords in plaintext, publicly available via IEEE’s FTP
server for at least a month. He informed them of his find yesterday, and
evidently the organization is addressing the issue.
According to Drăgușin, the FTP server held the log files for
ieee.org and spectrum.ieee.org, covering approximately 376
million HTTP requests in total, including 411,308 log entries with login and
password in plain text.
Among the users whose information was exposed are researchers at
NASA, Stanford, IBM, Google, Apple, Oracle and Samsung. IEEE’s
membership of over 340,000 is roughly half American (49.8 percent as of
2011).
“IEEE suffered a data breach which I discovered on September
18. For a few days I was uncertain what to do with the information and
the data. Yesterday I let them know, and they fixed (at least partially)
the problem. The usernames and passwords kept in plaintext were
publicly available on their FTP server for at least one month prior to
my discovery. Among the almost 100.000 compromised users are Apple,
Google, IBM, Oracle and Samsung employees, as well as researchers from
NASA, Stanford and many other places. I did not and will not make the
raw data available to anyone else.” Message posted on the researcher’s site.
Source: THN