Slashdot Mirror


How a Port Misconfiguration Exposed Critical Infrastructure Data (helpnetsecurity.com)

An anonymous reader writes: Attacks hitting companies' electrical systems are possible, especially when information that provides insight into those systems' weak points is freely accessible online. If you think that such a thing is unlikely, you probably haven't yet heard about the most recent discovery made by UpGuard researchers: an open port used for rsync server synchronization has left the network of Power Quality Engineering (PQE) wide open to malicious attackers. They managed to access and exfiltrate 205 GB of data from PQE's servers, up until the moment when the company secured its systems two days later after being notified of the problem.

3 of 49 comments

  1. If a single port misconfiguration... by Anonymous Coward · Score: 2, Interesting

    If a single port misconfiguration puts your data security at risk, you are doing it wrong. That's all folks!

    1. Re:If a single port misconfiguration... by _Sharp'r_ · Score: 4, Interesting

      At the risk of replying to myself, I just went and looked, and rsync has had ssh as the default config for 13 years now...

      --
      The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
  2. Pen testing is good by steveo777 · Score: 3, Interesting

    Pay someone to do even a light check of your network. You never know.

    Something very similar happened at an old employer. We did network and voice support for an auto dealer. Every month their long distance and international bills were unjustifiably enormous, but they didn't tell US about it, preferring to bitch at the phone company directly (company was horribly run, really). At some point or another they finally got fed up and told us they didn't want international calls to go out (this was the first thing we heard about the problem) and I turned it off for all but a select set of phone numbers. Over the next few months we get requests to turn off LD on all these extensions and back on. The boss is getting paid so when I get a bit angry about all the stupid switching around he doesn't want me to ask. We started looking into it anyways, and it turned out that one of their headless phone numbers was basically an open relay. The system had been set up by engineers that were long gone, so we just closed off the relay.

    However, someone noticed this and used the relay to call around... for about a year. Got thousands of dollars in free calling.

    --
    This sig isn't original enough, it's time to come up with something witty...