A switch with networking configurations and passwords for the UK traffic control centre was offered for sale on eBay, raising serious security concerns.The £20 Cisco Catalyst switch was bought by security consultant Michael Kemp, co-founder at Xiphos Research Labs, who quickly discovered that it has been used at the National Air Traffic Services (NATS) centre in Prestwick by contractor Serco. Data on the switch included supervisor credentials, internal VLAN and other networking configurations and upstream switch addresses as well as domains, gateways and syslogs.
........
"Practical consequences are hard to call," Kemp explained. "But we have full details of their internal VLAN estate, SNMP community strings (read and write, named after aircraft funnily enough), some idea about password composition, VTP Trunk info and password, and details of upstream switching.
"Basically what that means is that we could wander up to Prestwick and be Serco for a bit, slot in our own switch (with no outside, adult help) and control all traffic that was switched over it.
.....
Click here to read more ......
Solutions : www.xcyss.in
........
"Practical consequences are hard to call," Kemp explained. "But we have full details of their internal VLAN estate, SNMP community strings (read and write, named after aircraft funnily enough), some idea about password composition, VTP Trunk info and password, and details of upstream switching.
"Basically what that means is that we could wander up to Prestwick and be Serco for a bit, slot in our own switch (with no outside, adult help) and control all traffic that was switched over it.
.....
Click here to read more ......
Solutions : www.xcyss.in
No comments:
Post a Comment