Friday, April 3, 2020

Developers! It's way past time! Ship your products secure by default, with a random admin password generated at install time!

It's PERFECTLY ALL RIGHT to make DBAs and SYSADMINS dig for the administrator password (within reason).

If they took the time to install the thing, through multiple missteps and retries, then once it finally works you know they're just going to load it up with data and go.

Let them. Later, when they want to change a setting or look at their data, make them go find the password. They won't uninstall your product over it.
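Here is what "random admin password at install time" looks like in practice. This is an added example, not code from this post or from any real product: a first-run setup routine for a hypothetical product (call it widgetdb) that generates the password from the OS random source, keeps only a salted PBKDF2 hash for login checks, writes the plaintext exactly once to an owner-only 0600 file (the software equivalent of the sticker on a router), and refuses to run a second time so a re-run can't silently rotate the credential out from under the operator. The product name, the state-directory layout and every helper name are assumptions made for illustration.

```python
"""First-run setup that installs a product secure by default.

Added example for this post; it is not code from any real installer.
The product name (widgetdb), the state directory layout and every helper
name here are assumptions made for illustration.
"""
import hashlib
import hmac
import os
import secrets
import stat
import string
import tempfile

ALPHABET = string.ascii_letters + string.digits
PASSWORD_LEN = 24          # 62^24 is roughly 2^143: not guessable, not in any wordlist
PBKDF2_ROUNDS = 200_000    # slow enough to blunt offline cracking of a leaked auth.db


def generate_admin_password(length=PASSWORD_LEN):
    """Draw the password from the OS CSPRNG, never from random.random()."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def hash_password(password, salt=None):
    """Return 'salt$digest' (hex); the plaintext is never stored for auth."""
    salt = secrets.token_bytes(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, record):
    """Constant-time comparison against a stored 'salt$digest' record."""
    salt_hex, digest_hex = record.split("$", 1)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate.hex(), digest_hex)


def write_secret_file(path, content):
    """Create the file owner-read/write only (0600) and refuse to overwrite.

    O_EXCL makes a second install run fail loudly instead of silently
    rotating the credential the operator already wrote down.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(content)


def file_is_private(path):
    """True when group and world have no permission bits at all (POSIX only)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0


def first_run_setup(state_dir):
    """Generate the admin password, store its hash, leave the plaintext once.

    Returns (password, hash_record). The plaintext file is the 'sticker on
    the router': the operator has to dig for it, but it is there to find.
    """
    os.makedirs(state_dir, mode=0o700, exist_ok=True)
    password = generate_admin_password()
    record = hash_password(password)
    write_secret_file(os.path.join(state_dir, "admin-password.txt"), password + "\n")
    write_secret_file(os.path.join(state_dir, "auth.db"), "admin:" + record + "\n")
    return password, record


def demo():
    """Run one install into a temp dir and report the checks a reviewer would make."""
    state_dir = os.path.join(tempfile.mkdtemp(prefix="widgetdb-"), "widgetdb")
    password, record = first_run_setup(state_dir)
    pw_path = os.path.join(state_dir, "admin-password.txt")
    with open(pw_path) as f:
        on_disk = f.read().strip()
    try:
        first_run_setup(state_dir)          # must not silently re-generate
        rerun_refused = False
    except FileExistsError:
        rerun_refused = True
    return {
        "password": password,
        "record": record,
        "on_disk_matches": on_disk == password,
        "private": file_is_private(pw_path),
        "rerun_refused": rerun_refused,
        "state_dir": state_dir,
    }


if __name__ == "__main__":
    result = demo()
    print("admin password written to", os.path.join(result["state_dir"], "admin-password.txt"))
    print("rerun refused:", result["rerun_refused"], "| file private:", result["private"])
```

Run it as the account that owns the service, and do the whole routine before any network listener comes up, so there is never a window where the product is reachable with no credential at all. The permission check only means something on a POSIX filesystem; on other platforms substitute the equivalent ACL check.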

Do you want this to happen? From Slashdot:


A Hacker Has Wiped, Defaced More Than 15,000 Elasticsearch Servers (zdnet.com)

For the past two weeks, a hacker has been breaking into Elasticsearch servers that have been left open on the internet without a password and attempting to wipe their content, while also leaving the name of a cyber-security firm behind, trying to divert blame. From a report:
According to security researcher John Wethington, one of the people who saw this campaign unfolding and who aided ZDNet in this report, the first intrusions began around March 24. The attacks appear to be carried out with the help of an automated script that scans the internet for Elasticsearch systems left unprotected, connects to the databases, attempts to wipe their content, and then creates a new empty index called nightlionsecurity.com. The attacking script doesn't appear to work in all instances, though, as the nightlionsecurity.com index is also present in databases where the content has been left intact.

Look at all the routers at Best Buy: there's a sticker on each one with the admin password! Brilliant!

Perry
