http://www.theregister.co.uk/2011/09/30/nats_switch_fail/ By John Leyden The Register 30th September 2011 A switch with networking configurations and passwords for the UK traffic control centre was offered for sale on eBay, raising serious security concerns. The £20 Cisco Catalyst switch was bought by security consultant Michael Kemp, co-founder at Xiphos Research Labs, who quickly discovered that it has been used at the National Air Traffic Services (NATS) centre in Prestwick by contractor Serco. Data on the switch included supervisor credentials, internal VLAN and other networking configurations and upstream switch addresses as well as domains, gateways and syslogs. "For twenty quid, I have got full switching details (and creds) for a switch that was in use (managed by Serco) two years ago to help keep planes in the air at Prestwick," Kemp explained. "Obviously this is a security fail, especially as the seller had 13 of the units that may well have come from the same estate." A screenshot from of the configuration screen of the kit bought by Kemp, with Serco branding clearly visible, can be found here. Offloading kit with onto eBay with data pertaining to estates that mange critical national infrastructure is obviously undesirable and may have practical consequences, Kemp told El Reg. [...] _____________________________________________________________ FINAL CALL to register #HITB2011KUL - Asia's premier deep-knowledge network security event now in it's 9th year! http://conference.hitb.org/hitbsecconf2011kul/Received on Mon Oct 03 2011 - 01:45:48 PDT
This archive was generated by hypermail 2.2.0 : Mon Oct 03 2011 - 01:46:47 PDT