Slashdot Mirror


Belgium Tops List Of Nations Most Vulnerable To Hacking (theguardian.com)

Alex Hern, reporting for The Guardian: A new "heat map of the internet" has revealed the countries most vulnerable to hacking attacks, by scanning the entire internet for servers with their front doors wide open. Produced by information security firm Rapid7, the National Exposure Index finds that the most exposed country in the world is Belgium, followed by Tajikistan, Samoa and Australia. The U.S. comes 14th and the UK 23rd. [...] Tom Beardsley, one of the report's three authors, was surprised by his own findings. "We expected to find that the most exposed countries were also the richest," he explained. The richest countries (by aggregate GDP, which place large countries like China near the top of the list) were likely to have the most net-connected devices, which should mean they proportionally have the most potential for damage. "If you're a rich country, you have a lot of internet. But we didn't find any correlation between the number of nodes and the exposure."

35 comments

  1. Bad headline by campuscodi · · Score: 2

    The Guardian flubbed its headline. I read the Rapid7 report and the most worrying detail was the fact that there are still over 15 million Internet-available Telnet ports, 7.8 million MySQL ports, 8.8 million RDP, and 5.2 million VNC ports. https://information.rapid7.com...

    1. Re:Bad headline by dfsmith · · Score: 3, Interesting

      Agreed. "Exposed ports" != "vulnerable ports".

      I have no problem with telnet as long as you can't access anything too interactive (e.g., a shell) through it. After all, http, SMTP, POP, daytime, chargen and echo are all telnet-like protocols. (Ok, not really, but close enough.) It used to be quite fun to run a honeypot (fake) telnet server to see what was happening in the wild woolly internet.

      Even open, unencrypted RDP and VNC have a [narrow] use case (broadcasting games and videos, anyone?)

      Can't think of a good use case for open SQL ports though; except for very specialized applications.

    2. Re:Bad headline by fuzzyfuzzyfungus · · Score: 1

      It would be useful to know what the relationship between "number of ports open" and "number of ports actually being used" is.

      A port with something listening on it is always going to be more vulnerable than one without, since there might be some defect in the listening application that could be exploited by bouncing the right input off it; but that is likely a lower risk than the fairly egregious "If you remotely connect via telnet or VNC anyone can just sniff your password off the wire" problem.

      If the problem is with the configuration on the server side, telnet isn't really any more dangerous than SSH, since both will horribly fail to stop somebody guessing root's weak password; but with telnet anyone actually trying to use it is leaking information to anyone with access to the wire; while with encrypted protocols you at least have to screw up to be vulnerable.

      It's a real pity about VNC. It can be made secure (Apple's "ARD" is pretty much VNC with their authentication bolted on); but none of the widely available and interoperable implementations are remotely safe unless SSH tunnelled or the like.

    3. Re:Bad headline by Rob+Kaper · · Score: 2

      Agreed. "Exposed ports" != "vulnerable ports".

      True, but unnecessary exposure is still an extra risk in case of a vulnerability.

      I wish I could restrict access to services such as IMAP, can't wait for my LTE provider to roll out IPv6 so I can open it up to just me and not the whole world (or everyone with the same provider).

  2. Re:Passing the blame by Opportunist · · Score: 1

    More likely they'll blame the EU. It's closer and more tangible, and it's far from impossible that it's actually really what is to blame.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  3. Belgium by Anonymous Coward · · Score: 0

    Is vulnerable to everything.

    1. Re:Belgium by Tablizer · · Score: 1

      ...is vulnerable to everything.

      Yah, those Belgians are wafflers

    2. Re:Belgium by hcs_$reboot · · Score: 1

      Especially good chocolates

      --
      Slashdot, fix the reply notifications... You won't get away with it...
  4. Be right back by JustAnotherOldGuy · · Score: 1

    BRB, going to hack Belgium.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  5. Re:Passing the blame by Incadenza · · Score: 2

    As with everything else, the Europeans will blame the US for this.

    The Belgiums can blame the UK, it was the GCHQ that hacked Belgacom, their biggest telco.

  6. Sanders by Tablizer · · Score: 1

    <fox-news-mode>
    See, Bernie's Democratic Socialism is already failing!
    </fox-news-mode>

    1. Re:Sanders by blind+biker · · Score: 1

      I don't see any of the Nordic countries on the list, and Germany is in a solid position. While Belgium is certainly more socially progressive than the US, it's the European Nordic countries and Germany that are the real standard of socialist democracy.

      --
      "The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
    2. Re:Sanders by Tablizer · · Score: 1

      I disagree with Sanders' definition of "socialism". I'd say a country's GDP would have to be roughly 2/3 government to call it "socialist". His example countries are generally hybrids.

    3. Re:Sanders by Shinobi · · Score: 1

      Denmark is on the list, so a Nordic country is represented in there. And I'm not entirely surprised by them being on the list either.

    4. Re:Sanders by Anonymous+Cow+Ward · · Score: 1

      No, the Nordic countries and Germany are *social* democracies, not *socialist* democracies. Their private sectors are far too large to really be socialists. What they have is a mixed market economy that also happens to have a strong social welfare safety net.

      --
      Examine even your most deeply held beliefs. Nobody is always right.
  7. Re:Passing the blame by Guybrush_T · · Score: 2

    This does not make any point nor sense. Was it supposed to be funny? A troll?

  8. Vietnam, Pakistan, Israel and Singapore at bottom. by blind+biker · · Score: 2

    As the great Nate Diaz would say: I'm not surprised, motherfuckers! All four countries are being targeted by relatively large populations of hostile nations (Pakistan ---- India, Israel ---- Islamic world, Vietnam ---- China, Singapore ---- Islamic world AND China).
    In my mind it seems clear that nations who have been targeted for some time, have built up better "defenses" i.e. practices and protocols.

    --
    "The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
  9. Goodies or Baddies? by dohzer · · Score: 1

    You're going to be vulnerable to hacking from baddies if you want the goodies to be able to do their job.

  10. Re:Passing the blame by myowntrueself · · Score: 1

    As with everything else, the Europeans will blame the US for this. Somehow. When they don't like something, it's always the fault of the US and how the US supposedly forces their laws on Europe. I can't imagine this will be any different.

    Well there is that DNS system that the US wants to maintain control over, so we can blame the US for that!

    --
    In the free world the media isn't government run; the government is media run.
  11. Re:Passing the blame by Anonymous Coward · · Score: 0

    "If you're a rich country, you have a lot of internet. But we didn't find any correlation between the number of nodes and the exposure."

    Just like poverty is not the only determining factor of crime. Blacks commit more crimes than whites and asians, period. The excuses wear thin.

  12. Try the veal by PopeRatzo · · Score: 4, Funny

    Belgium Tops List Of Nations Most Vulnerable To Hacking

    It's because their leaders keep waffling.

    --
    You are welcome on my lawn.
    1. Re:Try the veal by Anonymous Coward · · Score: 0

      It's only a Drupal in the pond for Belgium.

  13. happy or sad? by Anonymous Coward · · Score: 0

    I'm feeling conflicted at the fact that Canada isn't on there... And I'm thinking that maybe it was just overlooked for some reason, there's no way we are more secure than some of the other countries on there...

  14. Unrelated, but Monty Python: Belgians by turp182 · · Score: 2

    I recall this from 30 years ago (when in middle school):
    https://www.youtube.com/watch?...

    --
    BlameBillCosby.com
  15. Dubious numbers by Anonymous Coward · · Score: 0

    I find the numbers hard to believe. If I look at the full list in the original article, I miss large countries like Italy or even India. Also, smaller but very internet-active countries like the Netherlands are missing.

  16. Damn! by Anonymous Coward · · Score: 0

    I again forgot to halt my honeypots in Belgium.

  17. Re:Passing the blame by Anonymous Coward · · Score: 0

    "Belgiums". I think you meant "Belgians". Even though Belgium has different regions if you divide it according to the spoken language, there still is just one "Belgium" as far as I am aware ;-)

  18. ipv6 and open ports by cobbaut · · Score: 3, Interesting

    More than half of Belgium is on IPv6, the test only includes IPv4 hosts.

    And since when does 'open port' equal 'vulnerability'?

    --
    European Linux user, living in Antwerp
  19. Suspicions finally confirmed by Anonymous Coward · · Score: 0

    It's no coincidence that Belgium, the country that gave us Drupal, is #1.

  20. Re:Passing the blame by Anonymous Coward · · Score: 0

    Nope, one part of the country will blame the Walloons and the other part will blame the Flemings. But those who don't want to go the way of blaming the other community will probably blame the socialists when they are liberal or conservative while the socialists will blame the conservatives or the liberals (or both).

    They will organize a committee with representatives of all parties who will 'investigate' the problem, and after many tax-paid dinners, travels and expense bills, they come to the conclusion it is a problem with the structure of the state. Then when the problem is known, they will blame the Walloons or the Flemings or the socialists or the conservatives or the liberals, but nobody will ever blame themselves.

  21. Yeah, after NSA hid on their network for over 10 y by Anonymous Coward · · Score: 0

    It comes as no surprise. Belgium is a dysfunctional state. I'd move EU parliament to Strasbourg in a heartbeat, if I could.

  22. Not surprised by Anonymous Coward · · Score: 0

    Being Belgian myself, I know that in most companies everything works by making political compromises. For example which solution gets chosen is a political compromise between two or more opinions. Usually an ugly monster that works for nobody comes out of it.

    And that doesn't make things more secure.

  23. Re:Yeah, after NSA hid on their network for over 1 by Anonymous Coward · · Score: 0

    You think the organizations in the European area of Brussels rely on the Belgian government for their security?

    No.