UK security guru set to expose vulnerabilities in DB servers across the Web
Despite all the hype surrounding data security and breaches, many enterprises still don't even have a firewall protecting their database servers, according to a forthcoming study.
Renowned security expert David Litchfield Monday will release the results of his latest vulnerability study, which features some surprising numbers about database threats, according to a report in a British trade publication that got a sneak peek at the study.
Litchfield pinged over 1 million randomly generated IP addresses, checking to see if he could access them on the IP ports reserved for Microsoft SQL Server or Oracle's database, according to the report.
He found 157 SQL servers and 53 Oracle servers. Litchfield then relied on known estimates of the number of systems on the Internet to arrive at his conclusion: "There are approximately 368,000 Microsoft SQL Servers... and about 124,000 Oracle database servers directly accessible on the Internet," he says in the study.
In an interview, Litchfield said that given the publicity surrounding corporate data breaches over the past two years, he is amazed that he found more exposed database servers in 2007 than he did in his 2005 study.
"It's terrible," he said. "We all run around like headless chickens following these data breach headlines... Organizations out there really don't care. Why are all these sites hanging out there without the protection of a firewall?"
A summary of Litchfield's findings is scheduled to be published Monday on his Website, DatabaseSecurity.com.
— Tim Wilson, Site Editor, Dark Reading