Security Experts Alarmed by Exposed Database Servers

11/16/2007


John Heidemann of USC's ISI said he didn't know enough about Litchfield's technique to endorse or debunk the findings, but stressed that it's impossible to determine from the ANT Census exactly how many servers are vulnerable. Still, he added that Litchfield's work is a reminder that IT pros should take common-sense steps.

"It is easy to take a skewed survey if one is not careful. It is also easy to take a valid survey, but then project incorrectly and end up with inaccurate estimates. If (Litchfield's) methodology is correct, it sounds like there are perhaps a lot of people that need to be more diligent."

Security gurus agree that even though the survey findings may not have included an adequate control group for offline, honeypot or decoy servers, every last machine should be patched and placed behind a firewall, whether or not it is deployed in production.

"Some people may say this is no big deal, but if the stars are aligned, I can do some serious damage through a SQL server entry point," said Eric Schultze, chief technology officer of St. Paul, Minn.-based Shavlik Technologies. "But I can get in on your company network, hack into a government network and look like the hacking is being done from your company. People haven't really thought about SQL servers, but these findings are a wake-up call."


Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others. You can contact Jabulani at editor@entmag.com.

Cite this Site

Jabulani Leffall, "Security Experts Alarmed by Exposed Database Servers," Campus Technology, 11/16/2007, http://www.campustechnology.com/article.aspx?aid=52922
