February 24, 2012

Defense’s meetings online with unchanged password

Filed under: Online by Orangemaster @ 9:15 pm

The internal video system of the Dutch defense department was and may even still be online for everyone to see with the factory setting password of the system. Exposed by a security expert, various parts of the department work with a Cisco teleconferencing system that uses Internet and nobody bothered changing the factory password. Names, IP addresses and fun stuff were all online as well.

The Ministry of Defense’s counterargument is that the video system is separate from their network, as it was bought by employees without IT knowing about it and that it was not used very often. Interestingly, log files retrieved by the security expert show that the system was used several times a day.

I bet you the IT people are not happy. And if that’s not sloppy all around, I don’t know what is.

(Link: webwereld.nl, photo: cyberbunker)

Tags: ,