SoylentNews is people

posted by CoolHand on Monday May 04 2015, @10:38PM
from the security-oops dept.

Nick and Margaret: The Trouble with Our Trains is a BBC Two show featuring Nick Hewer and Margaret Mountford, who explore "the sorry state of the British rail network."

The dynamic duo's travels took them to the Wessex Integrated Control Centre, located above the platform entrances at London Waterloo railway station, manned 24 hours a day by teams of controllers from both South West Trains and Network Rail.

[The] documentary revealed more than it planned this week, exposing the passwords used at a rail control centre.

The article features a frame of the video which shows the complex login credentials taped to an LCD panel of a Windows XP terminal.

One might wonder if overstrict password policy brought this about, except obviously a strict password policy would not allow the password that is stickied to the monitor.

 
  • (Score: 4, Interesting) by vux984 on Tuesday May 05 2015, @01:04AM

    by vux984 (5045) on Tuesday May 05 2015, @01:04AM (#178887)

    > There are a lot of security holes in password safes

    Yes. However I think some of them are quite good.

    > and anything in the clipboard on Windows is pretty vulnerable to being plundered by any application.

    So what. If my system has been compromised to that degree, any password I type in manually isn't safe from being recorded either.

    > I'd recommend the dongles. (Actually little USB keys.) These are so common you can buy them on Amazon and provision them yourself. Even Google uses them for two factor. The software for this is open source.

    Which? Stuff like Yubikey? Yes, I agree... those are a great concept. I didn't mention them for the sake of brevity and the fact that they do not in fact work for most users' passwords most of the time, which was my criterion.

    After all, what do you do for sites and systems out of your control that don't support them?

    A USB key can also be lost or forgotten, it can go through the washing machine, or it can simply fail... trading "not very secure" for "so secure even I can't get in" isn't necessarily net positive. And if they leave their Yubikey on their desk all the time to ensure that doesn't happen... well... how is that really much better than the note under the keyboard?

    > Downside: Well having an open USB port is a risk anywhere in a critical infrastructure.

    USB itself isn't a security risk the way FireWire or Thunderbolt are, but yes. Although you can at least disable USB storage services and so forth to mitigate the risk. Or switch to the NFC version of Yubikey, etc. Truly critical infrastructure should have secondary layers, i.e. monitoring what is actually put into the USB port, people monitoring who is actually doing the putting in, etc.
