The November 2022 issue of IEEE Spectrum is here!

Close bar

IEEE Spectrum editor Josh Romero alerted me to this story at the Threat Level blog at Wired. Apparently, data about the New York Stock Exchange's (NYSE) technical infrastructure was accessible on a public FTP server for possibly a year. The Threat Level post says,

"The data, which was removed after Threat Level disclosed the situation to the NYSE, included several directories of files containing logs; server names; IP addresses; lists of hardware; lists of software versions running on the network; and configuration and patch histories, including what patches have not yet been installed.It was all available on a publicly accessible, unprotected FTP server maintained by EMC, a company that sells storage systems and managed services to the NYSE and other companies."

The blog post notes that EMC claims that the data was not sensitive, but other security experts the Threat Level folks contacted were not so sure. The information showed which critical patches to the system had and had not been made, for example.

EMC has refused to answer more detailed questions about the nature of the information posted, the Threat Level blog post said.

The Conversation (0)

Why Functional Programming Should Be the Future of Software Development

It’s hard to learn, but your code will produce fewer nasty surprises

11 min read
A plate of spaghetti made from code
Shira Inbar

You’d expectthe longest and most costly phase in the lifecycle of a software product to be the initial development of the system, when all those great features are first imagined and then created. In fact, the hardest part comes later, during the maintenance phase. That’s when programmers pay the price for the shortcuts they took during development.

So why did they take shortcuts? Maybe they didn’t realize that they were cutting any corners. Only when their code was deployed and exercised by a lot of users did its hidden flaws come to light. And maybe the developers were rushed. Time-to-market pressures would almost guarantee that their software will contain more bugs than it would otherwise.

Keep Reading ↓Show less