Stories
Slash Boxes
Comments

SoylentNews is people

posted by mrpg on Sunday March 25 2018, @05:43PM   Printer-friendly
from the is-etcd-like-inetd? dept.

"Leaky etcd servers could be a boon to data thieves and ransomware scammers."

etcd is described as "A distributed, reliable key-value store for the most critical data of a distributed system.".

Thousands of servers operated by businesses and other organizations are openly sharing credentials that may allow anyone on the Internet to log in and read or modify potentially sensitive data stored online.

In a blog post published late last week, researcher Giovanni Collazo said a quick query on the Shodan search engine returned almost 2,300 Internet-exposed servers running etcd, a type of database that computing clusters and other types of networks use to store and distribute passwords and configuration settings needed by various servers and applications. etcd comes with a programming interface that responds to simple queries that by default return administrative login credentials without first requiring authentication. The passwords, encryption keys, and other forms of credentials are used to access MySQL and PostgreSQL databases, content management systems, and other types of production servers.

Maybe it's just me, but if the phrases "store for the most critical data of a distributed system" and "Internet facing" both occur in your description of a node of your architecture, you're probably doing it wrong.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Interesting) by Anonymous Coward on Sunday March 25 2018, @09:35PM (1 child)

    by Anonymous Coward on Sunday March 25 2018, @09:35PM (#658080)

    Both are cut from the same mould of technical incompetence.

    People need to be held to account for design of broken shit, particularly if it is designed so poorly that it increases attack surfaces and reduces data security and privacy.

    Fuck the Linux world, it’s being reduced to extreme mediocrity.

    Starting Score:    0  points
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  

    Total Score:   1  
  • (Score: 2) by arcz on Monday March 26 2018, @04:33AM

    by arcz (4501) on Monday March 26 2018, @04:33AM (#658232) Journal
    While I agree to some extent linux also had a usability problem. I.e. linux can only do certain things, if you wanted it to do anything complex it was terrible at it. I'm not sure that systemd should have been rammed down everyone's throats like it was (having a choice would have been nice) it's still necessary to develop something along these lines. (to fix various limitations and stop using interpreted scripts when interpretation is expensive on modern cpus) That being said systemd is definitely beta quality software and should not be running on production servers IMO.