100,000 passwords exposed on IEEE FTP site

Posted: September 28, 2012 in IT Security News
Tags: , ,

data securityOn the FTP server IEEE month was unencrypted log file users of the resource.

Security researcher discovered that the server IEEE (Electrical and Electronics Engineers) has a database of names and passwords 100,000 users, which are stored in the public domain.

Radu Dragusin, a computer scientist who works at FindZebra and is teaching assistant at the University of Copenhagen, said in a blog post last week that he learned of the problem and wrote the administration IEEE, in order that the latter may respond. “The usernames and passwords kept in plaintext were publicly available on their FTP server for at least one month prior to my discovery,” states Radu Dragusin.

As shown by subsequent investigation, the data are publicly available on the FTP server, IEEE, and any user can obtain confidential information of many employees of Apple, Google, IBM, Oracle, Samsung, NASA, Stanford and other IT organizations. This file display all actions performed by users of resources such as ieee.org and spectrum.ieee.org.

“IEEE became aware of the incident involving the inadvertent provision of access to unencrypted log that contains the user ID and password. We conducted a thorough review, and the question was discussed and resolved. Now we send notices to all who touched the incident, “– said the administration IEEE.

Draguzin himself conducted research stolen from IEEE archive and published various statistics, including the most commonly used passwords – the first of which 123456 – geographic location of the resource users, browsers used by users, and more.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s