Information Security News mailing list archives
Researcher says 100,000 passwords exposed on IEEE site
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 26 Sep 2012 04:42:23 -0500 (CDT)
http://news.cnet.com/8301-1009_3-57520112-83/researcher-says-100000-passwords-exposed-on-ieee-site/ By Elinor Mills Security & Privacy CNET News September 25, 2012A computer scientist says he discovered that a server of the IEEE (Institute of Electrical and Electronics Engineers) had about 100,000 usernames and passwords stored in plaintext and publicly accessible.
Radu Dragusin, a computer scientist who works at FindZebra and is a teaching assistant at the University of Copenhagen, writes in a blog post that he discovered the problem last week and notified the IEEE about his findings, enabling them to "at least partially" fix the problem.
The data was publicly available on the IEEE FTP (File Transfer Protocol) server for at least a month, potentially exposing usernames and passwords of people who work at Apple, Google, IBM, Oracle, Samsung, NASA, Stanford, and other organizations and firms, he said. The glitch exposed all the actions the users performed on the ieee.org site, as well as spectrum.ieee.org, he added.
[...] -- ExpandingSecurity.com Live OnLine classes won’t wreck your schedule. Get that cert and be done before 2012 ends. Last ISSAP 2012 class starts Sept. 25th. Last 2012 CISSP and CEH starts Oct. 1: CEH info signup: http://www.expandingsecurity.com/product/ceh-certified-ethical-hacker-online/ CISSP info signup: http://www.expandingsecurity.com/product/cissp-live-online-10-week-course/ISSAP info signup: http://www.expandingsecurity.com/product/issap-information-systems-security-architecture-professional/
Current thread:
- Researcher says 100,000 passwords exposed on IEEE site InfoSec News (Sep 26)