Thousands of servers in Germany are misconfigured in a way that lets attackers read sensitive data.
The weekly newspaper “Die Zeit” and the computer magazine “c’t” report this in their current editions. “Attackers have an easy game and can access code and access and user data,” writes “c’t”.
Flensburg IT security entrepreneur Matthias Nehls had previously identified around 41,000 systems that were configured incorrectly. The misconfiguration makes it easy to read the code archives of programs, which can contain, for example, access credentials for databases holding sensitive customer data. These archives are the repositories of the Git version control system.
As research by “Zeit”, “c’t” and the NDR shows, the vulnerability also affected servers of DAX companies or universities. The affected systems also included servers belonging to medium-sized companies, medical practices, online shops and municipal utilities, even though the problem has been known for years.
The Federal Office for Information Security (BSI) is not surprised. “Many small and medium-sized organizations do not worry about their IT security, it has to pop first before they take the right protective measures,” Germany’s cyber security agency told Die Zeit.
“c’t” recommends that affected Git users fix the problem as soon as possible. “If you are not sure, you can simply go to http://meinedomain.de/.git/config in the browser.”
If the browser shows a configuration file, the server is affected by the problem.
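The same self-check can be scripted for a server you operate. The following is an added example, not code from the article or from “c’t”: it requests `/.git/config` and reports exposure only when the response actually parses as a Git configuration, so a custom error page delivered with status 200 is not mistaken for a finding. The function names and both sample bodies are constructed for illustration.

```python
import configparser
import urllib.error
import urllib.request

# Constructed sample: what a web server returns when .git/ is served as-is.
SAMPLE_GIT_CONFIG = (
    "[core]\n"
    "\trepositoryformatversion = 0\n"
    "\tfilemode = true\n"
    "\tbare = false\n"
    '[remote "origin"]\n'
    "\turl = https://git.example.invalid/shop.git\n"
    "\tfetch = +refs/heads/*:refs/remotes/origin/*\n"
)

# Constructed sample: a "soft 404" error page delivered with status 200.
SAMPLE_SOFT_404 = "<!DOCTYPE html>\n<html><body><h1>Page not found</h1></body></html>\n"


def looks_like_git_config(status: int, body: str) -> bool:
    """True only if the response is a parseable Git config, not an error page."""
    if status != 200:
        return False
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    try:
        parser.read_string(body)
    except configparser.Error:
        return False  # HTML or other non-INI content
    # Every Git repository config carries a [core] section.
    return parser.has_section("core")


def check_own_site(base_url: str, timeout: float = 10.0) -> bool:
    """Fetch <base_url>/.git/config from a server you operate and classify it."""
    url = base_url.rstrip("/") + "/.git/config"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", errors="replace")
            return looks_like_git_config(resp.status, body)
    except (urllib.error.URLError, OSError):
        # HTTP errors such as 403/404 land here: the file is not served.
        # An unreachable host also lands here, so confirm the site is up.
        return False
```

A result of `True` means the repository metadata is publicly readable. The web server should then stop serving the `.git` directory, and any credentials stored in the repository should be treated as disclosed.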