<$BlogRSDUrl$>

A technology blog for The Economist Group IT team

Tuesday, February 15, 2005

Continuing a thread that Dave and I were on a few weeks ago, I read a story by Aaron Greenspan, a whitehat hacker, about the gaping security holes in the wireless Internet service provided at South Station in Boston, MA.

http://www.thinkcomputer.com/corporate/news/southstation.pdf

I found the story interesting, not because of the possibility of credit card numbers being revealed, but because of the mistakes made by the techies that set up the service. They seem very careless at first: including a graphic on a secure site that is pulled from an unsecure page, independent client data stored in sequentially numbered directories, username/password combinations such as south/station.

But I can see how easily mistakes like these can be made if someone is more concerned with getting a service working than making sure it is fully secured. Still, if these holes were exploited I'm sure some heads would roll.

Do we need to assume a siege mentality when rolling out new services?
Comments: Post a Comment

This page is powered by Blogger. Isn't yours?