The MongoDB Exploit with Niall Merrigan

Are your noSQL stores safe? While at NDC London, Richard chatted with Niall Merrigan about the latest wave of exploits targeting MongoDB, ElasticSearch and others. As Niall explains, the challenge is that the default security models for many of these products leaves them vulnerable to outside attack. As these attacks have progressed, they have presented themselves as ransomware - data is removed and a bitcoin account offered up to restore the data. However, to date, even when the ransoms are paid, no data is restored. Apparently there is no honor among thieves. Now is a great time to review your security vulnerabilities, and Niall suggests looking at your systems the same way hackers do, through tools like Shodan. Give yourself a security checkup!

Episode 519 of the RunAs Radio podcast, hosted by Richard Campbell, titled "The MongoDB Exploit with Niall Merrigan" was published on February 15, 2017 and runs 29 minutes.

February 15, 2017 ·29m · RunAs Radio

Summary

Are your noSQL stores safe? While at NDC London, Richard chatted with Niall Merrigan about the latest wave of exploits targeting MongoDB, ElasticSearch and others. As Niall explains, the challenge is that the default security models for many of these products leaves them vulnerable to outside attack. As these attacks have progressed, they have presented themselves as ransomware - data is removed and a bitcoin account offered up to restore the data. However, to date, even when the ransoms are paid, no data is restored. Apparently there is no honor among thieves. Now is a great time to review your security vulnerabilities, and Niall suggests looking at your systems the same way hackers do, through tools like Shodan. Give yourself a security checkup!

Episode Description