Thursday 2 March 2006

Insecure security

I've just come back from holiday in Italy, where the hotel had an internet-connected PC in the bar. To use it, you had to write your name and passport number in a paper logbook. Presumably the intention was that if anyone did anything naughty, they would know who it was.

The reality was that no one checked that you put in your real name and passport number. And putting in your name and passport number meant that they were available to subsequent users, as the logbook was accessible to the public. And I noticed in the logbook that a Disney character had used the PC but, sadly, I wasn't in the bar at the time.

Oh yes, it was a Linux PC, so I could get a command prompt and ssh to my PC at home. It was a root login, of course.


