1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • A US government email server was found without any password secur

    From TechnologyDaily@1337:1/100 to All on Wed Feb 22 14:45:03 2023
    A US government email server was found without any password security

    Date:
    Wed, 22 Feb 2023 14:25:13 +0000

    Description:
    An email server was sitting unprotected for two weeks, leaking sensitive emails and other data.

    FULL STORY ======================================================================

    A US government email server was discovered online without a proper password to protect its content, essentially leaking sensitive information to anyone who knew where to look. Whether or not anyone really knew where to look - remains to be seen.

    The exposed email server was hosted on Microsofts Azure government cloud for Department of Defense, allowing it to share sensitive, but still unclassified data.

    This service offers servers that are physically disconnected from commercial customers, and was part of an internal mailbox system that held some 3TB of internal military emails, some of which referred to U.S. Special Operations Command (USSOCOM), a military unit running special operations. Terabytes of data

    However it seems that the servier wasnt protected with a password , so simply knowing the IP address would be enough to access it, and all of the data it hosted.

    This hosted data reportedly included sensitive information such as internal military email messages, personal information and health information on certain government employees, and more.

    The breach was spotted by security researcher Anurag Sen, who tipped off TechCrunch to the news so that it could alert the US government. Read more

    Millions of MySQL servers found exposed online - is yours among them?


    Thousands of Sophos servers are vulnerable to this dangerous exploit


    Here are the best endpoint protection services around

    TechCrunch said it had seen some of the data hosted on the server and
    believes them to be unclassified, which would be consistent with USSOCOMs civilian network, it argues.

    The server was first listed as exposed on February 8, but theres no explanation yet why it happened.

    TechCrunch reached out to USSOCOM shortly after, with the server locked down the following day.

    Responding to an email inquiry, USSOCOM spokesperson Ken McGraw said that the incident was not the result of a hack: We can confirm at this point is no one hacked U.S. Special Operations Commands information systems, said McGraw.
    What is a Passkey and how do you use one?

    Via: TechCrunch



    ======================================================================
    Link to news story: https://www.techradar.com/news/a-us-government-email-server-was-found-without- any-password-security


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)