Stories
Slash Boxes
Comments

SoylentNews is people

posted by CoolHand on Monday May 04 2015, @10:38PM   Printer-friendly
from the security-oops dept.

Nick and Margaret: The Trouble with Our Trains is a BBC Two show featuring Nick Hewer and Margaret Mountford, who explore "the sorry state of the British rail network."

The dynamic duo's travels took them to the Wessex Integrated Control Centre, located above the platform entrances at London Waterloo railway station, manned 24 hours a day by teams of controllers from both South West Trains and Network Rail.

[The] documentary revealed more than it planned this week, exposing the passwords used at a rail control centre.

The article features a frame of the video which shows the complex login credentials taped to an LCD panel of a Windows XP terminal.

One might wonder if overstrict password policy brought this about, except obviously a strict password policy would not allow the password that is stickied to the monitor..

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by frojack on Monday May 04 2015, @11:46PM

    by frojack (1554) on Monday May 04 2015, @11:46PM (#178854) Journal

    Correction, there are a lot of security holes in SOME popular password safes. Others, not so bad.
    But on windows, the clipboard is weak.

    --
    No, you are mistaken. I've always had this sig.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by vux984 on Tuesday May 05 2015, @01:15AM

    by vux984 (5045) on Tuesday May 05 2015, @01:15AM (#178892)

    But on windows, the clipboard is weak.

    I understand that it is a vulnerability. But I'm curious how the OSX, Android, iOS, or Linux etc clipboards are more secure than Windows?

    A password manager that uses a separate non-clipboard and then is activated by a system hotkey to emit the password to the active application might work better. But it'll still fall prey to keylogging etc. So I'm not sure that accomplishes anything.

    • (Score: 0) by Anonymous Coward on Tuesday May 05 2015, @10:42AM

      by Anonymous Coward on Tuesday May 05 2015, @10:42AM (#179032)

      X11 has a feature that an application can secure the keyboard, so that keypresses are only sent to that single application, and none other. It seems to be rarely used for password prompts these days, though (actually the only programs that I know to activate it automatically for passwords are Emacs and locking screensavers, and the only program I know where you can enable it manually is xterm).

      Of course that doesn't help against keyloggers that intercept the keyboard at a lower level; however it at least increases the difficulty (X11 keylogging can be done from the user account; I'm not sure that this is also possible for lower-level keylogging).