Researchers: IEEE site was 100,000 passwords publicly

By -

A computer scientist According were on an FTP server of the Institute of Electrical and Electronics Engineers (IEEE) approximately 100,000 as text stored user names and passwords in public as part of web server log files accessible. Radu Dragusin writes that he had informed the IEEE last week, giving him the possibility was that vulnerability fix “at least partially”.

Map of IEEE members

Created by IP Address Location Map of compromised IEEE members 

The data should be at least a month was available through the File Transfer Protocol (FTP).The affected IEEE members work about Apple, Google, IBM, NASA, Oracle, Samsung, and Stanford University. Because of the gap, the logs of all of their interactions with the sites and were exposed.

Dragusin Find yourself working at Zebra. He is a lecturer at the University of Copenhagen. For the message of the gap it seems the to have set up.

The IEEE commented to , she learned of an incident in which had accidentally been possible to access unencrypted logs. “We conducted a thorough investigation, and the problem was solved. We just inform all concerned. “

Dragusin According to the operator of the server did the same a number of errors. Sun web server logs should never be publicly available. For passwords verse with Instant Salt hashing was deemed best solution because it would reduce just in case an access error effects. And finally it is generally safe to store passwords in logs – and then also unencrypted.

He has over 5 years of experience as Online Media and Marketing Consultant, which allow him to enable companies to enhance and meet their Digital marketing goals. He has experience as both in-house and Agency Digital Marketing Experts. Ha has spent the most recent 4 years of his career focusing building Strong terms of Digital Marketing for his clients. In addition to his strengths on Building Brands and Serving Online Marketing strategy for his clients.

Comments are closed.