The MongoDB Exploit with Niall Merrigan

About Show #519

Are your noSQL stores safe? While at NDC London, Richard chatted with Niall Merrigan about the latest wave of exploits targeting MongoDB, ElasticSearch and others. As Niall explains, the challenge is that the default security models for many of these products leaves them vulnerable to outside attack. As these attacks have progressed, they have presented themselves as ransomware - data is removed and a bitcoin account offered up to restore the data. However, to date, even when the ransoms are paid, no data is restored. Apparently there is no honor among thieves. Now is a great time to review your security vulnerabilities, and Niall suggests looking at your systems the same way hackers do, through tools like Shodan. Give yourself a security checkup!


Niall Merrigan is an Irish guy who managed to end up in Norway after finding out the country existed when he was in New Zealand. He works for Capgemini in Stavanger, Norway, as the head of custom software development and has been a Microsoft ASP.NET MVP since 2010. He is also involved in the Friends of Redgate program and is a general rugby nut (which means he shouts a lot). Niall has a passion for web technologies, security, and whiskey, which can lead to some interesting discussions.

Show Comments

blog comments powered by Disqus