In fact, most of those services will be appropriate – for example, a web server with an open port 80, the “door” through which HTTP web pages are sent. The problem is that 80% of the top services offered by servers on the Internet are unencrypted – for example, POP3 (an outdated email protocol) and FTP (an insecure method of transferring files).
The researchers were surprised by their own findings: they had expected the most exposed countries to also be the richest (by aggregate GDP), since those were likely to have the most net-connected devices and therefore proportionally the most potential for damage. But the most vulnerable country appeared to be Belgium – while the country has fewer nodes than larger countries like China, a greater proportion of them offer connections to services which are often insecure.
The mapping project was launched as part of an attempt to comprehensively determine quite how insecure the Internet is. Security experts point to previous comprehensive scans – for example, the 2012 Internet Census – all of which have been one-off measures to date. The Internet Census, for instance, achieved comprehensiveness at the expense of repeatability, because its methodology involved legally questionable access to household routers in order to perform the scans. Unlike Rapid7’s approach, which involves pushing on doors to see if they’re open, the Internet Census actually went into the building to see what it could find.
The information security firm hopes to repeat the survey regularly and eventually discover whether or not the worldwide web is developing in a good direction. Rapid7 hopes that the worst of the insecure servers will go offline in the near future.
Sourced from TorrentFreak