
Council Sells Security Hole On Ebay

Barence writes "A security expert was stunned to discover a VPN device he'd bought on Ebay automatically connected to a local council's confidential servers. Bought for just 99p for use at work, when plugged in it automatically connected with the login details which had been carelessly left on the device. 'The whole selling point of the device was that it was extremely easy to configure. It's pretty horrific really,' says the intrusion-detection professional. The council says it is 'deeply concerned' by the news, but is confident that 'multiple layers of security have prevented access to systems and data.'"
  • by Animats ( 122034 ) on Monday September 29, 2008 @12:06PM (#25194635) Homepage

    The problem is that this is a crypto box without a "zeroize" button.

    A VPN device is, among other things, a crypto unit. Real crypto units are very explicit about key control. Sometimes, the key is in a removable and easy-to-destroy form. On units with internal key storage, there's a guarded "zeroize" button that clears all keys to zero.

    Cisco didn't provide either a "zeroize" button or a removable key. So there's no easy way to scrub the thing before selling it, or to be sure it was scrubbed.

  • Defense in Depth (Score:2, Informative)

    by bunratty ( 545641 ) on Monday September 29, 2008 @12:08PM (#25194665)
    No, it's defense in depth [wikipedia.org]. It's like having locks on your house, and also having an alarm system. That's more secure than having just locks or just an alarm system. On a computer, it's like using a secure browser and also having a firewall and also anti-virus software.
  • by u38cg ( 607297 ) <calum@callingthetune.co.uk> on Monday September 29, 2008 @01:14PM (#25195367) Homepage
    It covers what would be roughly a county in the US, area-wise. They are fairly toothless beings, in that their roles are fairly clearly spelt out for them and their purse strings are fairly tightly held by central government (thank goodness). They run most of the government services you would expect to interact with regularly, like schools, road maintenance, parks, inspecting eateries, that kind of thing.

    The incompetence of councils is limited, because they are overseen quite closely by central government, who can and do step in and roll heads if there are systemic failures. That said, most of the really egregious examples of corruption in the UK tend to come from local government.
