One Petabyte of Data Exposed Via Insecure Big Data Systems
chicksdaddy writes: Behind every big data deployment is a range of supporting technologies like databases and memory caching systems that are used to store and analyze massive data sets at lightning speeds. A new report from security research firm Binaryedge suggests that many of the organizations using these powerful data storage and analysis tools are not taking adequate steps to secure them. The result is that more than a petabyte of stored data is accessible to anyone online with the knowledge of where and how to look for it.
In a blog post on Thursday, the firm reported the results of research that found close to 200,000 such systems that were publicly addressable. Binaryedge said it found 39,000 MongoDB servers that were publicly addressable and that "didn't have any type of authentication." In all, the exposed MongoDB systems contained more than 600 terabytes of data stored in databases with names like "local," "admin," and "db." Other platforms that were found to be publicly addressable and unsecured included the open source Redis key-value cache and store technology (35,000 publicly addressable instances holding 13TB of data) and 9,000 instances of ElasticSearch, a commonly used search engine based on Lucene, that exposed another 531 terabytes of data.
How dare you refer to exposed servers run by idiots as MongoDB servers.
The term "Mongoloid" is an offensive term for people who have Down's Syndrome. They may also be Asian.
I demand that this story be retracted and reworked to be less offensive. I also expect the submitter and slashdot to make a sizeable donation to my foundation, which helps people with Down's Syndrome. Only then can he or she be forgiven. Using the "m" word is similar to using the "n" word around African-Americans, and I am deeply offended.
I also expect slashdot and the submitter to publish an apology. I want at least $300,000.
Hey, if it works for Al Sharpton and Jesse Jackson, why can't it work for me?
This is not a shakedown. Unlike those other guys, I will actually use this money to help the people I claim to represent.
There's no need to secure mongoDB because it's webscale. That means it's invulnerable to hackers and bad programming.
Just cruising through this digital world at 33 1/3 rpm...