[Infowarrior] - NYSE data exposed on FTP server
Richard Forno
rforno at infowarrior.org
Wed Jul 29 02:50:08 UTC 2009
http://www.wired.com/threatlevel/2009/07/nyse/#more-7453
Sensitive information about the technical infrastructure of the New
York Stock Exchange computer network was left unsecured on a public
server for possibly more than a year, Wired.com has learned.
The data was removed after Wired.com disclosed the situation to the
NYSE. It included several directories of files containing logs, server
names, IP addresses, lists of hardware, lists of software versions
running on the network, and configuration and patch histories
(including which patches have not yet been installed). It was all
available on a publicly accessible, unprotected FTP server maintained
by EMC, a company that sells storage systems and managed services to
the NYSE and other companies.
“We have discussed the matter with EMC, and at this point we believe
that there has been no impact on our operations or our customers,”
said NYSE spokeswoman Mirtha Medina in an e-mail.
<snip>
EMC’s executive team includes Art Coviello, who is also president of
RSA Security, which EMC bought in 2006. Per EMC's web site:
"Coviello’s expertise and influence have made him a recognized leader
in the industry, where he plays a key role in several national
cyber-security initiatives."
More information about the Infowarrior
mailing list