Council Sells Security Hole On Ebay 147
Barence writes "A security expert was stunned to discover a VPN device he'd bought on Ebay automatically connected to a local council's confidential servers. Bought for just 99p for use at work, when plugged in it automatically connected with the login details which had been carelessly left on the device. 'The whole selling point of the device was that it was extremely easy to configure. It's pretty horrific really,' says the intrusion-detection professional. The council says it is 'deeply concerned' by the news, but is confident that 'multiple layers of security have prevented access to systems and data.'"
What's the weirdest story like this? (Score:5, Interesting)
A colleague where I live bought a set of routers from Goodwill and found not only default programming but a sheet of paper stuck inside with passwords.
The passwords were for a Department of Energy facility with nuclear activities.
I bet someone here has heard of an even weirder event.
Re:Layers of Security (Score:3, Interesting)
I tooled around on a client of our's network the other day. We installed a server there and at their request (needed to add that to cover my butt) I had to load a file on one of their pc's for a guy to install.
(The only main difference between this scenario and mine was I had a Linux (running gentoo) server on their lan. Here the guy had vpn access and thus he could VPN in and have a linux box on their lan.)
My problem was that I had no idea what the IP address of the laptop was where I needed to place the file (a printer driver) so I pulled out a few really beginner tools to get my job done.
(I will not post actual output here since most linux geeks will know what I would see.)
nmap -sP to scan for active IP adresses.Next to the output you will see the name of the network drevice (the maker of the actual network card). Using this info I could make a guess as to what is a printer (they had an HP network printer) and their router. The rest had to be the computers/laptops.
Next up I ran nmblookup -A against some of the IP adresses until I found the one I was looking for.
At this point I ran into a possible hitch - password for a share.
I ran smbclient -L against the chosen IP address and PRESTO - open windows "Shared Documents"
So, for a "security expert" or hacker having VPN access can afford one a lot of information and opportunity for doing nasty stuff.
I had with these three tools: A list of all the devices on the network, a means to determine all the open shares, find out computer names (using these you can often determine usernames and guess passwords - "password" is still quite common), find out the workgroup/domain name, send print jobs to the printer if I chose to, access the router and harves the dsl username and password, place worms and trojans on the "Shared Documents" folders of several computers and infect a whole lan!
Layers of security my left foot.