Slashdot Mirror


Shodan Search Exposes Thousands of Servers Hosting Passwords and Keys (fossbytes.com)

Thousands of etcd servers "are spitting sensitive passwords and encrypted keys," reports Fossbytes: Security researcher Giovanni Collazo was able to harvest 8781 passwords, 650 AWS access keys, 23 secret keys, and 8 private keys. First, he ran a query on the hacker search engine Shodan that returned around 2300 servers running the etcd database. Then, he ran a simple script that gave him the login credentials stored on these servers, which can be used to gain access to CMSs, MySQL and PostgreSQL databases, etc.

etcd is a database used by computing clusters to store and exchange passwords and configuration settings between servers and applications over the network. With the default settings, its programming interface can return administrative login credentials without any authentication upfront... All of the data he harvested from around 1500 servers is around 750MB in size... Collazo advises that anyone maintaining etcd servers should enable authentication, set up a firewall, and take other security measures.

Another security researcher independently verified the results, and reported that one MySQL database had the root password "1234".
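As an added illustration (not from the article, and not Collazo's script), here is the kind of client configuration that leaves an etcd keyspace readable by anyone who can reach the port, next to a hardened one, both written in etcd's own YAML config-file format as two alternative files. The certificate paths are placeholders, and the firewall and the `etcdctl auth enable` step are assumed to be done separately.

```yaml
# etcd.conf.yml, exposed variant (a common misconfiguration, not a recommendation):
# plaintext HTTP, bound to every interface, no client authentication.
# Anyone who can reach TCP/2379 can read every key, credentials included.
name: 'node1'
listen-client-urls: http://0.0.0.0:2379
advertise-client-urls: http://0.0.0.0:2379
client-transport-security:
  client-cert-auth: false
  auto-tls: false
---
# etcd.conf.yml, hardened variant:
# TLS only, bound to loopback (or a private cluster address), and every
# client must present a certificate signed by the cluster CA.
# All file paths below are placeholders; point them at the real PKI files.
name: 'node1'
listen-client-urls: https://127.0.0.1:2379
advertise-client-urls: https://127.0.0.1:2379
client-transport-security:
  cert-file: /etc/etcd/pki/server.crt        # placeholder
  key-file: /etc/etcd/pki/server.key         # placeholder
  client-cert-auth: true                     # reject clients without a CA-signed cert
  trusted-ca-file: /etc/etcd/pki/ca.crt      # placeholder
  auto-tls: false                            # no self-signed fallback
peer-transport-security:
  cert-file: /etc/etcd/pki/peer.crt          # placeholder
  key-file: /etc/etcd/pki/peer.key           # placeholder
  client-cert-auth: true
  trusted-ca-file: /etc/etcd/pki/ca.crt      # placeholder
  auto-tls: false
```

Transport security alone does not turn on role-based access: after restarting with the hardened file, create a root user (`etcdctl user add root`) and run `etcdctl auth enable` so that reads require credentials as well as a trusted certificate.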

1 of 41 comments

  1. Real McCoy sys-admin position is dead, that's why by adosch · Score: 4, Interesting

    The more I see of this over my 20+ year career and going, just reminds me of the thinning (and dying) crowd of truly experienced, intelligent, well-rounded and top-shelf skilled folks who call or hold a position of sys/network admin. I've always tried to come to some sane conclusion that it was just another configuration mistake, oversight and being in an overwhelming/demanding position, over pressured in getting something done now vs right, being purely lazy, or any other myriad of workplace excuses I want to try to explain shit like this and it really comes down to: most people are NOT good at a job like that and having an absolute polished computing and work experience background to do a good job.

    Just kind of like going to a national chain restaurant, coffee shop or what-the-fuck ever in some other side of town, city or state: They all have the same ingredients, recipes and tools to make it the same, but don't have the intellect, care, skill, tenacity and drive that my Applebee's burger or Starbucks Cafe Misto tasted way fucking better over here than it did over there?

    Making the argument that I didn't know how to run the grill, espresso machine or cash register isn't any different than fake-victimizing yourself about configuring user-land tools or services, reading a fucking 'man' page (yes they still exist and are maintained, kids), thinking about something before you do it and relying on intuition or experience, reading a book/manual/whitepaper, doing shit the 'right' way vs googling or stack-overflowing your way through it IMHO.