From http://thescotsman.scotsman.com/scotland.cfm?id=635692005 GNER's computer passwords printed in magazine gaffe EBEN HARRELL THE train operator GNER mistakenly published passwords to its computer system in an onboard magazine read by almost 100,000 passengers. Pictures printed in the April/May edition of Livewire magazine, distributed on GNER's east-coast mainline services between Aberdeen and London, showed mainframe and computer passwords written on an employee whiteboard. The photographs were taken by a staff photographer to illustrate a training course at the operator's control centre in York. The pictures have been snapped up by at least one online blogging site and have led a computer security specialist to label them "a blown-up, up-close example of human stupidity". A GNER spokesman, Andy Naylor, said no sensitive information was compromised, as the error was caught before the magazine was put on to trains. GNER's technology team has since overhauled the compromised password systems. "We've quickly changed the password and user accounts so that no-one outside our company could get into our corporate data. Obviously the lesson's been learned and it was an error to print the photograph, but it was never any risk to our passengers," he said. Mr Naylor also confirmed that passwords were no longer being written on the whiteboard. GNER carries about 15 million passengers a year. The company's computer mainframe would have likely contained confidential information for many of these passengers, such as addresses and credit-card numbers, according to IT experts. Angus McIlwraith, a computer security specialist, said the photographs illustrate how even state-of-the-art security systems are only as reliable as their human operators. "We're spending all this money on new technology - firewalls, antivirus software, cryptographic equipment, access control software, IDs, passwords, smart cards, etc - many of which are unnecessary because people leave the back door open," he said. Mr McIlwraith said he had already seen the picture of the compromised passwords on an online blogging site hosted by the University of Leeds. He said the photographs have amused the IT security community, which, he said, constantly battles against "the pitfalls of human error and stupidity". About 70 per cent of IT security breaches are due to human error, said Mr McIlwraith. "Information is the new gold. Until a change in culture occurs to acknowledge this, there will always be careless human blunders," he added. Businesses need to alert employees clearly to security procedures, and individuals should choose passwords that are both secure and easy to remember, security specialists recommend. Passwords written on whiteboards, notes or even notepads should be forbidden.