GNER print passwords - but realise just in time

Status
Not open for further replies.

yorkie

Forum Staff
Staff Member
Administrator
Joined
6 Jun 2005
Messages
50,914
Location
Yorkshire
From http://thescotsman.scotsman.com/scotland.cfm?id=635692005

GNER's computer passwords printed in magazine gaffe
EBEN HARRELL

THE train operator GNER mistakenly published passwords to its computer system in an onboard magazine read by almost 100,000 passengers.

Pictures printed in the April/May edition of Livewire magazine, distributed on GNER's east-coast mainline services between Aberdeen and London, showed mainframe and computer passwords written on an employee whiteboard.

The photographs were taken by a staff photographer to illustrate a training course at the operator's control centre in York.

The pictures have been snapped up by at least one online blogging site and have led a computer security specialist to label them "a blown-up, up-close example of human stupidity".

A GNER spokesman, Andy Naylor, said no sensitive information was compromised, as the error was caught before the magazine was put on to trains. GNER's technology team has since overhauled the compromised password systems.

"We've quickly changed the password and user accounts so that no-one outside our company could get into our corporate data. Obviously the lesson's been learned and it was an error to print the photograph, but it was never any risk to our passengers," he said.

Mr Naylor also confirmed that passwords were no longer being written on the whiteboard.

GNER carries about 15 million passengers a year. The company's computer mainframe would have likely contained confidential information for many of these passengers, such as addresses and credit-card numbers, according to IT experts.

Angus McIlwraith, a computer security specialist, said the photographs illustrate how even state-of-the-art security systems are only as reliable as their human operators.

"We're spending all this money on new technology - firewalls, antivirus software, cryptographic equipment, access control software, IDs, passwords, smart cards, etc - many of which are unnecessary because people leave the back door open," he said.

Mr McIlwraith said he had already seen the picture of the compromised passwords on an online blogging site hosted by the University of Leeds.

He said the photographs have amused the IT security community, which, he said, constantly battles against "the pitfalls of human error and stupidity".

About 70 per cent of IT security breaches are due to human error, said Mr McIlwraith. "Information is the new gold. Until a change in culture occurs to acknowledge this, there will always be careless human blunders," he added.

Businesses need to alert employees clearly to security procedures, and individuals should choose passwords that are both secure and easy to remember, security specialists recommend.

Passwords written on whiteboards, notes or even notepads should be forbidden.
 
Sponsor Post - registered members do not see these adverts; click here to register, or click here to log in
R

RailUK Forums

clagmonster

Established Member
Joined
8 Jun 2005
Messages
2,258
That is against the data protection act and could lead to prosecution. I think it's a disgrace that such idiots are running our railways and our in charge of our safety. By the way, have they actually thought to change the password.
 

Andrew

Member
Joined
7 Jun 2005
Messages
175
clagmonster said:
By the way, have they actually thought to change the password.

The article said:
"We've quickly changed the password and user accounts so that no-one outside our company could get into our corporate data. Obviously the lesson's been learned and it was an error to print the photograph, but it was never any risk to our passengers," he said.
 
Status
Not open for further replies.

Top