by xyunknown
3448 days ago
I am not affected by this hostage taking. On the contrary, I am one of the authors of the aforementioned info paper from early '15 warning about this kind of stuff. If you want more information about the incident back then, look me up; my name is Kai Greshake. The paper linked above also contains all you need to know about why this incident today happened. As a response MongoDB also updated their security guidelines back then, but refused to change the open-default mechanism and easy-to-do-wrong configuration, arguing that it was a conscious design choice. Turns out this was a bad decision, at least in my eyes, as this is not the first related incident; there were many breaches etc. based around open-default databases in the past 2 years, exposing millions of account info, voting data, and industry equipment.