by atom_enger
3481 days ago
This isn't that uncommon, unfortunately. You'd be surprised what you can find out there that's waiting to be taken by the wrong person if you use a tool like masscan to scan large portions of the internet quickly. Search default ports for Elasticsearch, Mongo, etc. It's scary how easy it is to find these and set these databases up with insecure defaults. Question is, how do you go about safely reporting this, especially when you find this kind of data? I blame operator ignorance and service provider insecure defaults (I'm looking at you, AWS Elasticsearch).