Zdnet have published today a survey made by Litchfield. This survey shows that 492 000 computers of the 1 160 000 IP scanned run a database service accessible from Internet. The information is valuable but I am not sure that mass scanning computer is legal in every country. Moreover database are like any network service, it is not unsecure by itself, It just need to be patched and properly configured. I don’t understand why people are so afraid that database server are public. Web server, FTP server, POP server are public and they also have vulnerability. For example CodeRed was based on a IIS vulnerability. If you wonder how hard it is to make such survey, well it is quite easy. It takes time, but it is just using NMap with the proper set of option (-sV -p …) against numerous IP. If you are looking for survey about web server, try netcraft.
Latest Comments