Interesting idea. Charging companies to find out how stupid their staff have been.
That just might work.
More than a petabyte of data lies exposed online because of weak default settings and other configuration problems involving enterprise technologies. Swiss security firm BinaryEdge found that numerous instances of Redis cache and store archives can be accessed without authentication. Data on more than 39,000 MongoDB NoSQL …
MongoDB is embedded in a number of applications. The users of these applications are incapable of reading manuals, so even when they are directed to instructions for securing the DB, they do nothing.
The people who write the software that controls the equipment that the users bought don't know anything about databases; they tend to be electrical and electronics engineers, who regard software as a necessary evil. They are also so insular, I'm not sure they really appreciate the need for security.
I regularly sort out MongoDB security (it's not difficult), upgrade it from 32 to 64-bit (equipment engineers don't do this), and link it to Pentaho for reporting purposes. I must have explained how to do this to upwards of 100 people; despite being "professionals", not one of them has been capable of doing the same. From their point of view they just want kit that works. Sometimes I think that free Open Source software is the most expensive you can buy.
I enjoy this view of MongoDB - https://www.youtube.com/watch?v=b2F-DItXtZs