[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] Researcher says 100,000 passwords exposed on IEEE site
From:       InfoSec News <alerts () infosecnews ! org>
Date:       2012-09-26 9:42:23
Message-ID: alpine.DEB.2.02.1209260442110.7728 () infosecnews ! org
[Download RAW message or body]

http://news.cnet.com/8301-1009_3-57520112-83/researcher-says-100000-passwords-exposed-on-ieee-site/


By Elinor Mills
Security & Privacy
CNET News
September 25, 2012

A computer scientist says he discovered that a server of the IEEE 
(Institute of Electrical and Electronics Engineers) had about 100,000 
usernames and passwords stored in plaintext and publicly accessible.

Radu Dragusin, a computer scientist who works at FindZebra and is a 
teaching assistant at the University of Copenhagen, writes in a blog 
post that he discovered the problem last week and notified the IEEE 
about his findings, enabling them to "at least partially" fix the 
problem.

The data was publicly available on the IEEE FTP (File Transfer Protocol) 
server for at least a month, potentially exposing usernames and 
passwords of people who work at Apple, Google, IBM, Oracle, Samsung, 
NASA, Stanford, and other organizations and firms, he said. The glitch 
exposed all the actions the users performed on the ieee.org site, as 
well as spectrum.ieee.org, he added.

[...]


--
ExpandingSecurity.com Live OnLine classes won&#8217;t wreck your schedule.
Get that cert and be done before 2012 ends. Last ISSAP 2012 class starts
Sept. 25th. Last 2012 CISSP and CEH starts Oct. 1:
CEH info signup: http://www.expandingsecurity.com/product/ceh-certified-ethical-hacker-online/
 CISSP info signup: http://www.expandingsecurity.com/product/cissp-live-online-10-week-course/
 ISSAP info signup: http://www.expandingsecurity.com/product/issap-information-systems-security-architecture-professional/ \



[prev in list] [next in list] [prev in thread] [next in thread]