New York Stock Exchange network exposed by server security sloppiness

Graham Cluley

Uh-oh. This is pretty worrying.

According to a Wired report, sensitive details about the New York Stock Exchange’s network was left unprotected on a public server visible for anyone in the world to view.

Information, including the names of servers, IP addresses, log histories, hardware and software details, and configuration information was all found on a public FTP server maintained by EMC. The data even included details of which patches had not yet been installed on the NYSE network.

The worry is that a hacker could use the sensitive information to piece together details of the stock exchange’s network architecture, and use it to pinpoint where vulnerabilities might lie.

For their part, EMC has been keen to debunk the security problem. Wired quotes a spokesman as saying that they have discussed the situation with the NYSE, adding “We’re confident that the information exchanged on…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.