MongoDB Apocalypse Is Here as Ransom Attacks Hit 10,000 Servers(bleepingcomputer.com) |
MongoDB Apocalypse Is Here as Ransom Attacks Hit 10,000 Servers(bleepingcomputer.com) |
25% of mongodb installs externally accessible lack a fucking password on the admin account.
They deserve it. Maybe it will teach them something.
Then there is the fact that MongoDB is known for having a very bad reputation among software engineers. I could personally write down many horror stories that I experienced myself, plus all the things you get to hear from friends and tech blogs.
Maybe after this attack some companies ban it from their software stacks. I really hope they do so. The world would be a better place without MongoDB.
No. Just.. no.... Security of YOUR system is YOUR responsibility.
> In a world where software stacks have multiple applications, programming languages and databases, it happens that people are not experts in everything.
Hire one.
> Maybe after this attack some companies ban it from their software stacks.
Or maybe decision makers realise that yes, you do need to pay for skills.
My thoughts exactly.
I think it is extremely unfortunate that financial incentives are currently stacked against engineering responsibly -- a startup that tries to actually secure a well-built product will need to spend an often unaffordable amount of money or time doing so.
I tried search for me info, but could find anything. Was this the default? Procedure given in a popular tutorial? It seems pretty insane.
I agree. But what you are saying has nothing to do with whether a database should have sane defaults or not.
>> In a world where software stacks have multiple applications, programming languages and databases, it happens that people are not experts in everything. > Hire one.
You seem not to know much about the real world out there. Companies are struggling A LOT to find ANY people at all.
>> Maybe after this attack some companies ban it from their software stacks. > Or maybe decision makers realise that yes, you do need to pay for skills.
More money is not going to magically increase the pool of skilled software engineers around the world. If all the companies in the world increased what they pay, nothing would change, besides the fact that they would spend more money.
Defaults - sane or not - lead to exactly these types of situations. It encourages "it's good enough" thinking, and dilutes the feeling of responsibility.
> You seem not to know much about the real world out there.
yeah, yeah... yawn.
> Companies are struggling A LOT to find ANY people at all.
Uhm, not companies that are willing to pay good money for good devs/devops/sysadmins.
> More money is not going to magically increase the pool of skilled software engineers around the world.
I would argue that it is the software developers' job to develop software. It would be a sysadmin/devops type person to look after the infrastructure, and make sure it is properly secured. I see so many job ads for a single role (developer, engineer, CTO, whatever) and then a jobdescription for "must be able to do everything related to any aspect of all our IT". Hilarious.