Forwarded from KanekoaTheGreat
"During the course of probing one such software provider, in early 2021 Gregg and his team stumbled across an IP address for a server that was purportedly associated with a company named Konnech, at least according to the records of services that track IP address ownership and location.
That IP address, it turns out, was located in China—it was evidently used by some instances of the software application for a period of time, before switching to a new IP address in Grand Rapids Michigan.
Geolocation tools that I used suggest that the server that was hosting this address in China was somewhere near Hangzhou, possibly somewhere near Zhejiang University...
While Gregg and his team were investigating, they ran some routine cybersecurity checks to see what services were being used by that Chinese IP address to determine what was behind it. One of these routine “scans” showed a port on that IP address—27017—that is typically used by a database application called “MongoDB”...
A common practice for cybersecurity professionals who are exploring a network is to “test the locks” when they find “open windows or doors” as they walk around a “building” of interest, and in this case, they did a quick check on the MongoDB port (“rattled the windows”) to see if it responded.
When it did, they next tried a pretty basic thing: they tested to see if they could log into it with the default, “out of the box” username and password. That would be a pretty dumb thing for the owner of this machine to have left in place, but it is surprisingly common.
In other words, as the cyber team rattled the windows and doors, they found a boneheaded error on the MongoDB installation that only a novice would be expected to make. The doors and windows weren’t even locked. In fact, they were wide open.
You see, when MongoDB is freshly installed, it doesn’t have proper security rules set up to restrict who can read and write data into it; unless the person configuring that MongoDB installation takes the extra necessary steps (and knows how to do it), MongoDB either has NO password, or the default password which is… well, you can probably guess. “PASSWORD”.
So Gregg’s team was able to “walk in the front door”, as it were, because there was no lock on the door, and “look around the place.”
What they found was shocking: they found data that included personal details of nearly 1.8 million US poll workers. Details like their names, phone numbers, addresses, etc. Even the names of family members: things that might routinely be collected when you hire someone and issue them a paycheck.
But they also reportedly found rich details about where election machines were located, including floorplans of buildings used in elections. Nominally, this information would be of use by the election agencies, because the application they were using helped them track their election machine inventory.
But none of this should have been left out in the open for just anyone to see; and it sure as hell shouldn’t have been done in China."
https://cognitivecarbon.substack.com/p/mongodb-what-is-it-and-how-did-it
Follow @CognitiveCarbonPublic
@KanekoaTheGreat
That IP address, it turns out, was located in China—it was evidently used by some instances of the software application for a period of time, before switching to a new IP address in Grand Rapids Michigan.
Geolocation tools that I used suggest that the server that was hosting this address in China was somewhere near Hangzhou, possibly somewhere near Zhejiang University...
While Gregg and his team were investigating, they ran some routine cybersecurity checks to see what services were being used by that Chinese IP address to determine what was behind it. One of these routine “scans” showed a port on that IP address—27017—that is typically used by a database application called “MongoDB”...
A common practice for cybersecurity professionals who are exploring a network is to “test the locks” when they find “open windows or doors” as they walk around a “building” of interest, and in this case, they did a quick check on the MongoDB port (“rattled the windows”) to see if it responded.
When it did, they next tried a pretty basic thing: they tested to see if they could log into it with the default, “out of the box” username and password. That would be a pretty dumb thing for the owner of this machine to have left in place, but it is surprisingly common.
In other words, as the cyber team rattled the windows and doors, they found a boneheaded error on the MongoDB installation that only a novice would be expected to make. The doors and windows weren’t even locked. In fact, they were wide open.
You see, when MongoDB is freshly installed, it doesn’t have proper security rules set up to restrict who can read and write data into it; unless the person configuring that MongoDB installation takes the extra necessary steps (and knows how to do it), MongoDB either has NO password, or the default password which is… well, you can probably guess. “PASSWORD”.
So Gregg’s team was able to “walk in the front door”, as it were, because there was no lock on the door, and “look around the place.”
What they found was shocking: they found data that included personal details of nearly 1.8 million US poll workers. Details like their names, phone numbers, addresses, etc. Even the names of family members: things that might routinely be collected when you hire someone and issue them a paycheck.
But they also reportedly found rich details about where election machines were located, including floorplans of buildings used in elections. Nominally, this information would be of use by the election agencies, because the application they were using helped them track their election machine inventory.
But none of this should have been left out in the open for just anyone to see; and it sure as hell shouldn’t have been done in China."
https://cognitivecarbon.substack.com/p/mongodb-what-is-it-and-how-did-it
Follow @CognitiveCarbonPublic
@KanekoaTheGreat
CognitiveCarbon’s Content
MongoDB: What is it, and how did it come into play as part of the shocking disclosure that took place at "The Pit"?
On August 13, 2022, Catherine Englebrecht and Gregg Phillips described what they found last year on an unsecured server in China: personal information for 1.8 million US election workers...and more
👍40😢1
Forwarded from Miz Donna thoughts (Donna Willett)
It's not enough.
But it is a sign that
The FBI administrative state knows they are in trouble
Freaking Lindsey Graham said there would be riots in the street.
That is what they want ..
Happy Warriors. Peaceful
But it is a sign that
The FBI administrative state knows they are in trouble
Freaking Lindsey Graham said there would be riots in the street.
That is what they want ..
Happy Warriors. Peaceful
👍49🔥18
Forwarded from Miz Donna thoughts (Donna Willett)
How do you reign in the ridiculous power the FBI has?
Cut off their money.
That is why they are throwing low level people in front of oversight.
Let them know it will not work
Cut off their money.
That is why they are throwing low level people in front of oversight.
Let them know it will not work
👍78🔥14
Forwarded from Mr Dirt
“The United States must treat the easy access to semiautomatic weapons as the national security threat it is,” argues @GeorgetownICAP’s Mary McCord today in the @nytimesoffcial
https://www.nytimes.com/2022/05/25/opinion/uvalde-buffalo-semiautomatic-weapons.html
@nytimesoffcial https://truthsocial.com/users/MrDirt/statuses/108908597286371560
Mary Mary been a bad lady
https://www.nytimes.com/2022/05/25/opinion/uvalde-buffalo-semiautomatic-weapons.html
@nytimesoffcial https://truthsocial.com/users/MrDirt/statuses/108908597286371560
Mary Mary been a bad lady
Nytimes
Opinion | Uvalde, Buffalo and the Semiautomatic Weapons That Terrorize Us
The U.S. should treat easy access to semiautomatic weapons as a national security threat.
👎45👍7
Ive got a better idea: lets start dealing with high level DOJ people turned Adam Schiff staffers like Mary McCord who have LONG been an enemy of We The People, and others like her. 👇 lets put her & every other former & current DOJ official like her on notice we have had ENOUGH of their abuses.
👍77❤8🔥6