Other issues in this category (70)
Thursday, March 7, 2019
Some people believe that the grass is always greener elsewhere, in some other country. And many people in Russia (and, perhaps, other countries too) are certain that things are very bad where they are. Look at how other countries care about their users and protect them!
But is that really so?
I scanned all of Austria
You'll probably ask: how did you get all the country’s IP addresses?
Well, this is not hard to do. No country generates IP addresses as it sees fit. Instead, addresses are assigned by a central authority. That means that complete lists of addresses exist for each country.
Let's get started.
Of course, no system administrator will leave their Windows SMB ports readily accessible over the Internet, right?
masscan -p445 --rate 300 -iL austria.ips -oG austria.445.scan && cat austria.445.scan | wc -l
We found 1,273 completely exposed Windows hosts.
That's out of 11 million IPv4 addresses. Not too many, but still.
The country has 17,392 operational web servers.
Apache is the most popular one (judging by the replies containing the
Server header). The oldest Apache version I found was Apache 1.3.12, which was released in 2012, and it was running on a Windows server machine. A double nightmare.
I also discovered four servers under
Windows CE. That system was released in 1996, and its support was discontinued in 2013.
Those were devices of various types. We have already mentioned that attackers may target printers.
I found nine HP printers without logins, fully accessible over the Internet. They weren't password-protected, and I could make them print documents.
As many as 300 IP cameras weren't password-protected either. If you are interested, you can find them here.
And, to boot, here is a readily accessible control panel for a water treatment plant.
We don't even want to ponder how this information can be used by criminals or online pranksters if it ever falls into their hands.
The Anti-virus Times recommends
In terms of information security, Austria is doing reasonably well. The number of vulnerable systems is small, but users should never lower their guard, even there. Having a competent system administrator on staff who can deploy and configure an anti-virus security solution in a corporate network infrastructure is essential for the security of any business—and, of course, not only in Austria.