[pchelpers] News:eBayed VPN kit hands over access to council network

• From: John Durham <john.modec@xxxxxxxxxx>
• To: PC-Helpers <pchelpers@xxxxxxxxxxxxx>
• Date: Tue, 30 Sep 2008 06:55:26 +1200

By John Leyden → More by this author
29 Sep 2008 16:08
'It's like putting an access hub in the car park'

An item of networking kit bought from eBay for just 99p ($2) gave
privileged access to an internal network at an English county council.

The security risks posed by unwiped computer discs - which are often
offered for sale on auctions sites and even sometimes obtainable through
council rubbish dumps - is well documented, but the purchase of VPN 3002
remote access kit by Andrew Mason, CTO at security services firm Random
Storm, shows the same sort of problems also apply to second-hand
networking equipment.

Mason bought the remote access kit for his business, not expecting it to
automatically connect to the internal network of Kirklees Council in
Yorkshire as soon as it was switched on and connected to the internet.
He'd bought many items of networking kit before and this was the first
time he'd come across the issue, which consequent ally took him by
surprise. Normally the kit would need to be configured before access to
anything was possible.

"The issue is similar to the problem of disposing of unwiped discs but
even worse in some ways, because in the case of discs you have a
snapshot of data while in this case hackers are given access to a
network with live data. Once inside the network miscreants would be able
to raise their privileges and potentially gain access to more sensitive
systems," Mason, who has worked in penetration testing, explained.

More here:
http://www.channelregister.co.uk/2008/09/29/second_hand_vpn_security_breach/
-- 
John Durham
Site http://modecideas.com
Server hosted on Ubuntu 4.10
Good advice is like good paint. It only works when applied.




-- 
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig
Good advice is like good paint- it only works if applied.

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription