Kadlec: The MongoDB hack and the importance of secure defaults

Tim Kadlec looks at theongoing MongoDB compromises and how they came to be."Before version 2.6.0, that wasn't true. By default, MongoDB was leftopen to remote connections. Authentication is also not required by default,which means that out of the box installs of MongoDB before version 2.6.0happily accept unauthenticated remote connections."