7 0

Two months ago, NASA quietly fixed a buggy internal server that was leaking sensitive information about the agency’s staff and their work. The leaking server was — ironically — a bug reporting server, running the popular Jira bug triaging and tracking software. In NASA’s case, the software wasn’t properly configured, allowing anyone to access the server without a password, Avinash Jain , an India-based security researcher who found the exposed server, told TechCrunch. According to Jain’s writeup , some Jira instances can be misconfigured to allow “everyone” access without a password — including anyone on the internet — and not “everyone” within an organization, as some believe. This was the case for NASA’s leaking server. Full story

11 January