Another day, another example of sloppy security.
Wired reports that sensitive information about the New York Stock Exchange's network has been lying around on
an unsecured server for about a year.
On the server were "directories of files containing logs, server names, IP addresses, lists of hardware, lists of software versions running on the network, and configuration and patch histories (including which patches have not yet been installed)".
All this was available for anyone interested on a publicly accessible, unprotected FTP server maintained by data storage firm EMC.
It appears Nyse knew nothing about the risk EMC was running with its data until Wired got in touch. The two firms have since "discussed" the matter.
Seems pretty poor from EMC, which of course
owns security specialist RSA.