You are reading The Rietta Blog, a publication about the web since 2005.

The MongoDB Hack and the Importance of Secure Defaults


Tim Kadlec has written a fantastic blog post that you should read right away at https://snyk.io/blog/mongodb-hack-and-secure-defaults.

It starts with: “If you have a MongoDB installation, now would be the time to verify that it is secure. Since just before Christmas, over 28,000 public MongoDB installs have been hacked. The attackers are holding the hacked data ransom, demanding companies pay using Bitcoins to get their data back. From the looks of it, at least 20 companies have given in and paid the ransom so far. This post explains the hack, how to protect yourself, and what we can learn from it.”

This is a topic that I’ve found to be important in my work with clients. I’ve written about it privately and even tweeted along these lines. Hats off to Mr. Kadlec for publishing this. One of my friends, Bennie, found a great analogy for the Mongo situation, saying that “as is true in many cases with everything, it is pilot error! The big difference is people are able to ‘fly’ software without giving proof they’ve had ‘flying’ lessons!”

Other Items

Before Christmas, I posted some new videos at https://rietta.com/learning/appsec, namely the first two lessons in a new series on security in software development. Start to learn how developers can help prevent a data breach and the roles of blue, red, and purple teams in software development.

One Last Thing

Please let me know your application security questions and I will do my best to answer, possibly by video!

About Frank Rietta


Frank Rietta is a web application security consultant, software developer, author, and speaker. He is a computer scientist with a Masters in Information Security from the College of Computing at the Georgia Institute of Technology. He teaches about security topics and is a contributor to the security chapter of the 7th edition of the "Fundamentals of Database Systems" textbook published by Addison-Wesley.
