Stories
Slash Boxes
Comments

SoylentNews is people

posted by CoolHand on Monday May 04 2015, @10:38PM   Printer-friendly
from the security-oops dept.

Nick and Margaret: The Trouble with Our Trains is a BBC Two show featuring Nick Hewer and Margaret Mountford, who explore "the sorry state of the British rail network."

The dynamic duo's travels took them to the Wessex Integrated Control Centre, located above the platform entrances at London Waterloo railway station, manned 24 hours a day by teams of controllers from both South West Trains and Network Rail.

[The] documentary revealed more than it planned this week, exposing the passwords used at a rail control centre.

The article features a frame of the video which shows the complex login credentials taped to an LCD panel of a Windows XP terminal.

One might wonder if overstrict password policy brought this about, except obviously a strict password policy would not allow the password that is stickied to the monitor..

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Nuke on Tuesday May 05 2015, @08:50AM

    by Nuke (3162) on Tuesday May 05 2015, @08:50AM (#179007)

    Vux984 wrote :-

    The slip of paper taped under the keyboard really isn't that bad...... its probably better than it being "password123" and not written down.

    Did you read the TFA that's linked? The password was even dumber than "password123" - it was "password3" - AND it was written down.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by vux984 on Tuesday May 05 2015, @06:53PM

    by vux984 (5045) on Tuesday May 05 2015, @06:53PM (#179205)

    Yeah, I actually stumbled over that factoid after I posted.

    I'd originally misread the line in the summary:

    One might wonder if overstrict password policy brought this about, except obviously a strict password policy would not allow the password that is stickied to the monitor..

    As:

    One might wonder if overstrict password policy brought this about, except obviously a strict password policy would not allow the passwordto be stickied to the monitor..

    The takeaway from that revelation is the password was treated as little more than an annoying formality. Which in some cases it is... I have a password on my HTPC main user account for example because certain things don't work as simply if there is no password defined. But the password itself is trivial, never changes, and everyone in the family knows what it is. So sometimes that's appropriate.

    I'm not sure offhand whether that is the case here. Even the article speculates that its the local login for that terminal and it may not be remotely exploitable... etc... that it might well be like the family user password on my HTPC.