GNER print passwords - but realise just in time

Discussion in 'UK Railway Discussion' started by yorkie, 10 Jun 2005.

Thread Status:
Not open for further replies.
  1. yorkie

    yorkie Forum Staff Staff Member Administrator

    6 Jun 2005

    GNER's computer passwords printed in magazine gaffe

    THE train operator GNER mistakenly published passwords to its computer system in an onboard magazine read by almost 100,000 passengers.

    Pictures printed in the April/May edition of Livewire magazine, distributed on GNER's east-coast mainline services between Aberdeen and London, showed mainframe and computer passwords written on an employee whiteboard.

    The photographs were taken by a staff photographer to illustrate a training course at the operator's control centre in York.

    The pictures have been snapped up by at least one online blogging site and have led a computer security specialist to label them "a blown-up, up-close example of human stupidity".

    A GNER spokesman, Andy Naylor, said no sensitive information was compromised, as the error was caught before the magazine was put on to trains. GNER's technology team has since overhauled the compromised password systems.

    "We've quickly changed the password and user accounts so that no-one outside our company could get into our corporate data. Obviously the lesson's been learned and it was an error to print the photograph, but it was never any risk to our passengers," he said.

    Mr Naylor also confirmed that passwords were no longer being written on the whiteboard.

    GNER carries about 15 million passengers a year. The company's computer mainframe would have likely contained confidential information for many of these passengers, such as addresses and credit-card numbers, according to IT experts.

    Angus McIlwraith, a computer security specialist, said the photographs illustrate how even state-of-the-art security systems are only as reliable as their human operators.

    "We're spending all this money on new technology - firewalls, antivirus software, cryptographic equipment, access control software, IDs, passwords, smart cards, etc - many of which are unnecessary because people leave the back door open," he said.

    Mr McIlwraith said he had already seen the picture of the compromised passwords on an online blogging site hosted by the University of Leeds.

    He said the photographs have amused the IT security community, which, he said, constantly battles against "the pitfalls of human error and stupidity".

    About 70 per cent of IT security breaches are due to human error, said Mr McIlwraith. "Information is the new gold. Until a change in culture occurs to acknowledge this, there will always be careless human blunders," he added.

    Businesses need to alert employees clearly to security procedures, and individuals should choose passwords that are both secure and easy to remember, security specialists recommend.

    Passwords written on whiteboards, notes or even notepads should be forbidden.
  2. Registered users do not see these banners - join or log in today!

    Rail Forums

  3. Simming

    Simming Established Member

    8 Jun 2005

    How Stupid can some people get? It Makes you wonder

    Has anyone heard of the Darwin Awards...?
  4. clagmonster

    clagmonster Established Member

    8 Jun 2005
    That is against the data protection act and could lead to prosecution. I think it's a disgrace that such idiots are running our railways and our in charge of our safety. By the way, have they actually thought to change the password.
  5. Andrew

    Andrew Member

    7 Jun 2005
Thread Status:
Not open for further replies.

Share This Page