Slashdot Mirror

← Back to Stories (view on slashdot.org)

Council Sells Security Hole On Ebay

Posted by CmdrTaco on from the only-as-good-as-your-weakest-link dept.

Barence writes "A security expert was stunned to discover a VPN device he'd bought on Ebay automatically connected to a local council's confidential servers. Bought for just 99p for use at work, when plugged in it automatically connected with the login details which had been carelessly left on the device. 'The whole selling point of the device was that it was extremely easy to configure. It's pretty horrific really,' says the intrusion-detection professional. The council says it is 'deeply concerned' by the news, but is confident that 'multiple layers of security have prevented access to systems and data.'"

7 of 147 comments (clear)

  1. Layers of Security by MyLongNickName · · Score: 5, Insightful

    Am I the only one who cringes when hearing the phrase "multiple layers of security". It is like a process where you have five people proof read something to check for mistakes, but none of the five bears any responsibility if a typo goes through. Invariably, 80% of the mistakes make it to print.

    --
    See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
    1. Re:Layers of Security by FireStormZ · · Score: 5, Insightful

      "Am I the only one who cringes when hearing the phrase "multiple layers of security". It is like a process where you have five people proof read something to check for mistakes, but none of the five bears any responsibility if a typo goes through."

      Never, in the history of man has the true process of government been summed up so well!

      --
      "Ahh! Arrogance and stupidity in the same package, how efficient of you!" --Londo Molari
    2. Re:Layers of Security by FredFredrickson · · Score: 5, Funny

      By layers of security, I'm sure he meant something along the lines of "Even if you can connect to our network printers on the windows server- you can't use them! Heck, we still can't figure out how to use them. Actually if you figure out how to get them to work, can you get the print jobs started? There's probably a couple hundred print jobs waiting.

      Oh and you probably can't access any files on our network, because in this HIGH security office, we don't even have network shares or anything of the like. Nopers, we email documents to eachother. Good luck catching us, dude. LAYERS. LAYERS AND LAYERS of security."

      --
      Belief? Hope? Preference?The Existential Vortex
    3. Re:Layers of Security by Fx.Dr · · Score: 5, Funny

      ...but none of the five bears...

      I dunno, five bears can be pretty scary. I'd be sure to stay away from that network.

  2. Typo in the summary by zappepcs · · Score: 5, Insightful

    The council says it is "deeply concerned" by the news, but is confident that "multiple layers of security have prevented access to systems and data.""

    but is confident that "multiple layers of security have prevented the council from knowing if anyone has had or does have access to systems and data.""

    There.. that's better
     

    --
    Support NYCountryLawyer RIAA vs People
  3. Erm...Layers? by Sj0 · · Score: 5, Insightful

    Once someone has a VPN tunnel directly into your network, any protection from outside attacks is automatically bypassed. What's left? A collection of passwords?

    --
    It's been a long time.
  4. What's the weirdest story like this? by Beryllium+Sphere(tm) · · Score: 5, Interesting

    A colleague where I live bought a set of routers from Goodwill and found not only default programming but a sheet of paper stuck inside with passwords.

    The passwords were for a Department of Energy facility with nuclear activities.

    I bet someone here has heard of an even weirder event.