The Register said:What looks like system passwords at one of London's busiest railway stations – printed and attached to the top of a station controller's monitor – were exposed to viewers during a BBC documentary on Wednesday night.
The login credentials were visible just before the 44 minute minute mark in the documentary Nick and Margaret: The Trouble With our Trains. The creds could be seen stuck to a monitor during a scene where the two business experts, best known for their supporting role on The Apprentice went into London Waterloo's control room.
A cropped screen-cap of the offending monitor with the machine-produced login (utility unknown) can be found here (note that screen-cap is 3,000px wide/180kB, if you're on a mobile device or a slow connection). The screenshot seems to be of the workstation on a signaller's control desk which appears to be running software that controls signals and trains over the final approach to Waterloo station. A live map of Waterloo displaying the same type of information can be found here.
The documentary, starring Nick Hewer and Margaret Mountford, is available via YouTube here. El Reg flagged up the snafu to National Rail in the interests of encouraging a switch of passwords.
There are precedents for visual security slip-ups of this kind. Back in 2012 the UK's Ministry of Defence was obliged to reset user names and passwords following the publication of pictures of the Duke of Cambridge at work as a helicopter pilot on an RAF station.
Some of the pictures, released by St James's Palace, showed Prince William at work at RAF Valley but failed to redact sensitive login info, written on a bulletin boards in the background of shots taken at the RAF base in north Wales. The pictures were pulled but not before they had been widely circulated, as El Reg reported at the time.
More recently, the Wi-Fi passwords for the security team for Super Bowl XLVIII and the Brazil 2014 World Cup were broadcast live on air. Some security experts argue that Wi-Fi password slip-ups aren't that big a deal. However, French network TV5Monde's failure to keep its passwords secret not once – but twice – in the aftermath of getting knocked off the air by pro-ISIS hackers is surely deeply unwise.
More examples of people and organisations accidentally broadcasting their password on live TV can be found in a blog post here.
The lesson is: when TV crews visit, remember to wipe the whiteboard.
http://www.theregister.co.uk/2015/05/01/london_rail_station_exposes_signal_system_passwords/
Last edited: