Darren Pauli reports:
China-based virtual private network provider Terracotta, a favourite of some of the most capable hacking groups, is pumping their stolen user credentials in cleartext.
The forehead-slapping gaffe was revealed by RSA fraud prober Kent Backman, while outlining more details about the Terracotta VPN organisation first described in August.
All of the nodes Terracotta uses to power its commercial VPN are popped boxes, Backman says, in what would help boost the unscrupulous seller’s bottom line.
Read more on The Register.
Clean this cesspool up and an avenue is now closed to potential hacks in the future.