A computer scientist According were on an FTP server of the Institute of Electrical and Electronics Engineers (IEEE) approximately 100,000 as text stored user names and passwords in public as part of web server log files accessible. Radu Dragusin writes that he had informed the IEEE last week, giving him the possibility was that vulnerability fix “at least partially”.
Created by IP Address Location Map of compromised IEEE members
The data should be at least a month was available through the File Transfer Protocol (FTP).The affected IEEE members work about Apple, Google, IBM, NASA, Oracle, Samsung, and Stanford University. Because of the gap, the logs of all of their interactions with the sites and ieee.org spectrum.ieee.org were exposed.
Dragusin Find yourself working at Zebra. He is a lecturer at the University of Copenhagen. For the message of the gap it seems the extra-domainieeelog.com to have set up.
The IEEE commented to News.com , she learned of an incident in which had accidentally been possible to access unencrypted logs. “We conducted a thorough investigation, and the problem was solved. We just inform all concerned. “
Dragusin According to the operator of the server did the same a number of errors. Sun web server logs should never be publicly available. For passwords verse with Instant Salt hashing was deemed best solution because it would reduce just in case an access error effects. And finally it is generally safe to store passwords in logs – and then also unencrypted.