Feeds

IEEE slips up, leaks logins

FTP server logs unsecured, leaving Apple, Google, IBM and Oracle details exposed

Internet Security Threat Report 2014

IEEE members will be scrambling to change their logins after it emerged that more than 100,000 members’ names and plaintext passwords were left in plain sight for more than a month.

In this documentation and analysis of the breach, Danish FindZebra computer scientist Radu Dragusin notes, among other things, that bad password habits can exist even among the computer scientists, engineers and standards-developers of the IEEE as anywhere else. The most common password, he notes, was “123456”, followed closely by ieee2012.

Dragusin says the data was left lying around – along with raw Web server logs documenting more than 376 million HTTP requests – on an IEEE FTP server at ftp://ftp.ieee.org/uploads/akamai/ (the server was closed after he reported it to the organization).

While he highlighted some big-name companies and organisations whose staffers’ IEEE logins were compromised – Apple, Google, IBM, Oracle, Samsung, NASA, Stanford University and so on – practically any outfit that employs high-ranking engineers in electrical, electronics, computer sciences and communications disciplines will probably get mentioned somewhere in the logs.

Dragusin has undertaken not to make any of the raw data public. It’s not known at this stage whether any other organization downloaded the same data set, or if anything odd has happened to any standards developments processes. ®

Remote control for virtualized desktops

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.