The MongoDB Exploit with Niall Merrigan
Are your noSQL stores safe? While at NDC London, Richard chatted with Niall Merrigan about the latest wave of exploits targeting MongoDB, ElasticSearch and others. As Niall explains, the challenge is that the default security models for many of these products leaves them vulnerable to outside attack. As these attacks have progressed, they have presented themselves as ransomware - data is removed and a bitcoin account offered up to restore the data. However, to date, even when the ransoms are paid, no data is restored. Apparently there is no honor among thieves. Now is a great time to review your security vulnerabilities, and Niall suggests looking at your systems the same way hackers do, through tools like Shodan. Give yourself a security checkup!