[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Computer design flaw opens airports to terrorism

To: DC-Stuff <[email protected]>
Subject: Computer design flaw opens airports to terrorism
From: William Knowles <[email protected]>
Date: Mon, 9 Feb 1998 10:53:56 -0800 (PST)
cc: [email protected]
Organization: Home for retired social engineers & unrepented cryptophreaks
Sender: [email protected]


NEW YORK (Reuters) [2.9.98] - The computer security systems 
that control access to 40 airports worldwide through electronic
badges have a design flaw that could make them vulnerable 
to terrorism, the New York Times reported Sunday.

California computer security consulting firm, MSB Associates, 
found the flaw in December in a routine audit of a large 
California financial services software company, the identity 
of which was not disclosed, according to the newspaper.

Government buildings, including that of the CIA, and prisons
and industries with sensitive military, drug or financial
information or material also use the system and are also
vulnerable to attack, the Times report said.

American and British aviation officials have notified airports 
of the flaw, the Times said.  The system, introduced several 
years ago by a small company, Receptors, Inc., of Torrance, CA., 
relies on a secure, isolated computer in a guarded room to 
control door-locks and an inventory of electronic badges, 
the Times reported.

The company found, however, that in some cases an individual 
could dial in to the computer and create security badges and 
unlock doors.  Receptors' equipment was removed from the House 
of Representatives after the Inspector General found that 757 
former employees appeared on the rolls of active employees and 
had working badges that would have allowed them access to 
the House buildings, the Times said.

Receptors' chief operating officer Dale Williams said that the 
problem is not with the system but with the way it was installed 
in some cases.  Some systems were connected to networks instead 
of being accessible only by a modem that would only be turned 
on when a Receptor employee performed maintenance, Williams 
told the Times.

Testing the system, MSB found that the problem persisted as 
late as last week in the company they audited, the Times said.  
MSB created a fictitious employee, Millard Fillmore, which the 
company spotted on its rolls and removed. However, even after 
he was removed, the faux former president was still able to gain 
access to the company buildings, meaning any dismissed employee
would have the same access, the Times said.


== 
The information standard is more draconian than the gold
standard, because the government has lost control of the
marketplace.  --  Walter Wriston 
==
http://www.dis.org/erehwon/

Prev by Date: Argentina rules: no software copyright
Next by Date: what is video-collage.com?
Prev by thread: Argentina rules: no software copyright
Next by thread: time to learn chinese?
Index(es):
- Date
- Thread