[ISN] F1 secrets left on the web

From: InfoSec News (alerts@private)
Date: Sun Sep 23 2007 - 23:57:33 PDT


http://www.theregister.co.uk/2007/09/20/formula_one_sensitive_transcript_exposed/

By Kelly Fiveash
20th September 2007

Highly-sensitive documents that disclosed secret information about the 
inner workings of the technical strategies adopted by rival Formula One 
(F1) teams were exposed for all to see on the internet.

Over the past few months F1 motor racing has been racked by controversy 
surrounding revelations that the McLaren team had been spying on its 
rival Ferrari by obtaining confidential technical documents.

Just last week, McLaren was fined $100m (50m) and stripped of all its 
constructors' championship points.

The verdict followed several hearings where emails and texts between the 
men at the centre of the drama were used as evidence in the 
much-publicised case.

Fdration Internationale de l' Automobile (FIA) diligently published 
transcripts from those hearings on its website including a 115-page 
document released on 13 September, the day the McLaren verdict was 
reached.

But, despite blacking out secret information on the PDF transcript 
before posting it on the internet, the French-based motor sport council 
failed to realise that a simple copy and paste of the document into any 
text-based file revealed the hidden data.

El Reg contacted the FIA to point out the glaring mistake and a 
spokeswoman told us the PR team was already aware of the privacy 
cock-up.

She said the document had in fact been taken down from the website 
immediately after the FIA learned of the issue yesterday. However, we 
were still able to obtain the document, including its confidential 
revelations, this morning.

When asked why the FIA had failed to act quickly to prevent rival F1 
teams accessing some of the information allegedly exposed to McLaren in 
the espionage saga, the spokeswoman said the council was unwilling to 
provide any further comment.

Of course, following our conversation, the document was edited with the 
secret information removed.


__________________________________________________________________      
CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques.  Register now for savings on conference fees   
and/or free exhibits admission. - www.csiannual.com



This archive was generated by hypermail 2.1.3 : Mon Sep 24 2007 - 00:14:34 PDT