Security error leaves 760 gigs on NY airport servers unprotected for a year
Security error leaves NY airport servers unprotected for a year The backup storage drive hadn't been password-protected since April. The 760 GB of exposed data included TSA letters of investigation, social security numbers, internal airport schematics and emails, according to Chris Vickery, lead researcher from MacKeeper Security Center. He'd discovered the lapse, noting that the backup drive "was, in essence, acting as a public web server." If someone had found their way in, they could access a particular file with usernames and passwords for various devices and systems, which security experts confirmed to ZDNet would open up every component of the airport's internal network to a malicious user. Apparently, the Port Authority of New York and New Jersey contracts out management of Stewart Airport to a private company called AvPORTS, which uses a single IT professional to set up and maintain its networks. Obviously, having one person show up twice a month per location to make sure each IT setup is watertight presents opportunities for lapses that go unnoticed. A Port Authority spokesperson noted that an investigation was ongoing, but that no information was believed to have been compromised during the near year-long exposure. https://www.engadget.com/2017/02/24/security-error-leaves-ny-airport-servers... https://mackeeper.com/blog/post/334-extensive-breach-at-intl-airport
From: Razer <g2s@riseup.net>
Security error leaves NY airport servers unprotected for a year
The backup storage drive hadn't been password-protected since April.
The 760 GB of exposed data included TSA letters of investigation, social security numbers, internal airport schematics and emails, according to Chris Vickery, lead researcher from MacKeeper Security Center. He'd discovered the lapse, noting that the backup drive "was, in essence, acting as a public web server." If someone had found their way in, they could access a particular file with usernames and passwords for various devices and systems, which security experts confirmed to ZDNet would open up every component of the airport's internal network to a malicious user.
This is a big reason we don't like Statist fools who like big government, and would like to make us all dependent on government's supposed 'protection'. If this outrage were done in private industry, at least we would have the freedom to go elsewhere. Jim Bell
On Sun, Feb 26, 2017 at 11:02 AM, Razer <g2s@riseup.net> wrote:
Security error leaves NY airport servers unprotected for a year The backup storage drive hadn't been password-protected since April. The 760 GB
Sad that people are more interested in making a name for themselves by getting '[non]security community' credit for 'reporting' this shit, which ends up whitewashed covered up and does absolutely nothing. Than actually copying and leaking it openly onto the darknets where some visceral impact and head rolling change can be made.
On February 26, 2017 9:17:03 PM EST, grarpamp <grarpamp@gmail.com> wrote:
On Sun, Feb 26, 2017 at 11:02 AM, Razer <g2s@riseup.net> wrote:
Security error leaves NY airport servers unprotected for a year The backup storage drive hadn't been password-protected since April. The 760 GB
Sad that people are more interested in making a name for themselves by getting '[non]security community' credit for 'reporting' this shit, which ends up whitewashed covered up and does absolutely nothing. Than actually copying and leaking it openly onto the darknets where some visceral impact and head rolling change can be made.
Yes and no. Joe Fuckhead (or me) shouldn't have to worry about my NYC travels and all data needed to clone my goddamn ID getting leaked all over the place. But who knows, its likely just being traded quietly and more privately, if someone did grab it before the "white hats" swooped in and pointed this moronic setup... So I can certainly see both points. Hushed damage control vs shit blowing up in the open.
On Mon, Feb 27, 2017 at 4:53 AM, John Newman <jnn@synfin.org> wrote:
Yes and no. Joe Fuckhead (or me) shouldn't have to worry about my NYC travels and all data needed to clone my goddamn ID getting leaked all over the place.
But who knows, its likely just being traded quietly and more privately, if someone did grab it before the "white hats" swooped in and pointed this moronic setup... So I can certainly see both points. Hushed damage control vs shit blowing up in the open.
Your ID is somewhat fixable. Leaks of all your email, voice calls, [naked selfie] pictures, social messages, and complete personal metadata, call / contact / friends lists, locations, shopping purchases, etc, etc.... is not. That's what's to fear. People will ignore news reports about some researcher or blackhat 'leaked' stuff.. it all sounds safe and taken care of. If news said someone posted peoples crap with a nice search interface on takedown proof darknet, and it's still there flaunting everyone, they might get pissed enough to act and demand heads heads roll until the problems start going away.
On Feb 28, 2017, at 3:07 AM, grarpamp <grarpamp@gmail.com> wrote:
On Mon, Feb 27, 2017 at 4:53 AM, John Newman <jnn@synfin.org> wrote: Yes and no. Joe Fuckhead (or me) shouldn't have to worry about my NYC travels and all data needed to clone my goddamn ID getting leaked all over the place.
But who knows, its likely just being traded quietly and more privately, if someone did grab it before the "white hats" swooped in and pointed this moronic setup... So I can certainly see both points. Hushed damage control vs shit blowing up in the open.
Your ID is somewhat fixable. Leaks of all your email, voice calls, [naked selfie] pictures, social messages, and complete personal metadata, call / contact / friends lists, locations, shopping purchases, etc, etc.... is not. That's what's to fear. People will ignore news reports about some researcher or blackhat 'leaked' stuff.. it all sounds safe and taken care of. If news said someone posted peoples crap with a nice search interface on takedown proof darknet, and it's still there flaunting everyone, they might get pissed enough to act and demand heads heads roll until the problems start going away.
Sure, even leakedsource (which has been shut down) didn't make enough waves to cause any "heads to roll". Except maybe the people who were running leakedsource, if they were caught (haven't followed story closely lately). Your post reminds me of the southpark episodes where all the worlds social media and trolling is about to be laid bare, made public, de-anonymized, and basically it was the apocalypse. Funny episode.
participants (4)
-
grarpamp
-
jim bell
-
John Newman
-
Razer