While running a mongo instance today, I overlooked something pretty stupid and nearly let an attacker into my computer. I had just done a brand new install of mongo and was running the mongod client to do some testing. I left my computer for a bit and returned to the following warning from little snitch:

This is exactly what it looks like- mongo had opened itself up publicly on port 27017, straight out of the box. There was no password set, and no remote restrictions. A quick google search shows dozens of mongo instances compromised by this IP address alone. This means full db read-write access at best, and possibly remote code execution at the worst. Obviously this isn’t exclusive to just mongo- people leave default logins on their public servers all the time. But nevertheless, it’s a good reminder not to just assume software is safe straight out of the box.

Stay safe!

Since coming to college, my programming has become increasingly focused on contracting and other work related projects. But work has tight deadlines, and unlike personal projects and studies, quick completion time is a necessity. The consequence of this is that when I come across a problem I can’t immediately solve, the simplest option is to search the web for an answer. It has almost become instinct at this point to consult the web after being stuck for more than 30 seconds. It’s not that I enjoy doing this; it’s just a necessity.

But I’ve grown increasingly worried about the effects this is having on me outside of work. It seems to be yielding a similar effect to the gps phenomenon that has received recent attention. Even in my schoolwork and leisurely projects, I have found myself looking for solutions before I have even begun to tackle the problem on my own. The fact that this is an...

I often draw strange looks when I describe myself as a hacker.

Most people imagine the pop-culture view of a hacker, tapping away at a terminal and breaking into computers. While I can’t deny having had my fun with this, it is not why I call myself a hacker.

What about hackathons and personal projects then? It is surely a valid statement to say one is “hacking something together” when they build an app. It’s true that I’ve done my share of projects and hackathons. I even won my first hackathon this last November, so I surely fit this description as well. But it is not why I call myself a hacker.

There are also the lesser known MIT hacks. A hack, as Wikipedia describes, is a public display meant to either show off technical prowess or commemorate a specific event. Some of the better known hacks include the police car on the big dome and tetris on the green building. While maintaining...