Belgium Tops List Of Nations Most Vulnerable To Hacking

Alex Hern, reporting for The Guardian:A new "heat map of the internet" has revealed the countries most vulnerable to hacking attacks, by scanning the entire internet for servers with their front doors wide open. Produced by information security firm Rapid7, the National Exposure Index finds that the most exposed country in the world is Belgium, followed by Tajikistan, Samoa and Australia. The U.S. comes 14th and the UK 23rd. [...] Tom Beardsley, one of the report's three authors, was surprised by his own findings. "We expected to find that the most exposed countries were also the richest," he explained. The richest countries (by aggregate GDP, which place large countries like China near the top of the list) were likely to have the most net-connected devices, which should mean they proportionally have the most potential for damage. "If you're a rich country, you have a lot of internet. But we didn't find any correlation between the number of nodes and the exposure."

Bad headline

[campuscodi]

The Guardian flubbed its headline. I read the Rapid7 report and the most worrying detail was the fact that there are still over 15 million Internet-available Telnet ports, 7.8 million MySQL ports, 8.8 million RDP, and 5.2 million VNC ports. https://information.rapid7.com...

Re:Bad headline

[dfsmith]

Agreed. "Exposed ports" != "vulnerable ports".

I have no problem with telnet as long as you can't access anything too interactive (e.g., a shell) through it. After all, http, SMTP, POP, daytime, chargen and echo are all telnet-like protocols. (Ok, not really, but close enough,) It used to be quite fun to run a honeypot (fake) telnet server to see what was happening in the wild woolly internet.

Even open, unencrypted RDP and VNC have a [narrow] use case (broadcasting games and videos, anyone?)

Can't think of a good use case for open SQL ports though; except for very specialized applications.

Re:Bad headline

[Rob+Kaper]

Agreed. "Exposed ports" != "vulnerable ports".

True, but unnecessary exposure is still an extra risk incase of a vulnerability.

I wish I could stricten access to services such as IMAP, can't wait for my LTE provider to roll out IPv6 so I can open it up to just me and not the whole world (or everyone with the same provider).

Re:Passing the blame

[Incadenza]

As with everything else, the Europeans will blame the US for this.

The Belgiums can blame the UK, it was the GCHQ that hacked Belgacom, their biggest telco.

Re:Passing the blame

[Guybrush_T]

This does not make any point nor sense. Was it supposed to be funny ? a troll ?

Vietnam, Pakistan, Israel and Singapore at bottom.

[blind+biker]

As the great Nate Diaz would say: I'm not surprised, motherfuckers! All four countries are being targeted by relatively large populations of hostile nations (Pakistan ---- India, Israel ---- Islamic world, Vietnam ---- China, Singapore ---- Islamic world AND China).
In my mind it seems clear that nations who have been targeted for some time, have built up better "defenses" i.e. practices and protocols.

Try the veal

[PopeRatzo]

Belgium Tops List Of Nations Most Vulnerable To Hacking

It's because their leaders keep waffling.

Unrelated, but Monty Python: Belgians

[turp182]

I recall this from 30 years ago (when in middle school):
https://www.youtube.com/watch?...

ipv6 and open ports

[cobbaut]

More than half of Belgium is on ipv6, the test only includes ipv4 hosts.

And since when does 'open port' equal 'vulnerability' ?