1998-02-09 - Computer design flaw opens airports to terrorism

Header Data

From: William Knowles <erehwon@dis.org>
To: DC-Stuff <dc-stuff@dis.org>
Message Hash: 721bf8957f5a40761f6ec699a5ee4da7dc0beb33b8838bde34de5ad7dc129fb9
Message ID: <Pine.BSI.3.95.980209105236.24419B-100000@kizmiaz.dis.org>
Reply To: N/A
UTC Datetime: 1998-02-09 18:58:41 UTC
Raw Date: Tue, 10 Feb 1998 02:58:41 +0800

Raw message

From: William Knowles <erehwon@dis.org>
Date: Tue, 10 Feb 1998 02:58:41 +0800
To: DC-Stuff <dc-stuff@dis.org>
Subject: Computer design flaw opens airports to terrorism
Message-ID: <Pine.BSI.3.95.980209105236.24419B-100000@kizmiaz.dis.org>
MIME-Version: 1.0
Content-Type: text/plain



NEW YORK (Reuters) [2.9.98] - The computer security systems 
that control access to 40 airports worldwide through electronic
badges have a design flaw that could make them vulnerable 
to terrorism, the New York Times reported Sunday.

California computer security consulting firm, MSB Associates, 
found the flaw in December in a routine audit of a large 
California financial services software company, the identity 
of which was not disclosed, according to the newspaper.

Government buildings, including that of the CIA, and prisons
and industries with sensitive military, drug or financial
information or material also use the system and are also
vulnerable to attack, the Times report said.

American and British aviation officials have notified airports 
of the flaw, the Times said.  The system, introduced several 
years ago by a small company, Receptors, Inc., of Torrance, CA., 
relies on a secure, isolated computer in a guarded room to 
control door-locks and an inventory of electronic badges, 
the Times reported.

The company found, however, that in some cases an individual 
could dial in to the computer and create security badges and 
unlock doors.  Receptors' equipment was removed from the House 
of Representatives after the Inspector General found that 757 
former employees appeared on the rolls of active employees and 
had working badges that would have allowed them access to 
the House buildings, the Times said.

Receptors' chief operating officer Dale Williams said that the 
problem is not with the system but with the way it was installed 
in some cases.  Some systems were connected to networks instead 
of being accessible only by a modem that would only be turned 
on when a Receptor employee performed maintenance, Williams 
told the Times.

Testing the system, MSB found that the problem persisted as 
late as last week in the company they audited, the Times said.  
MSB created a fictitious employee, Millard Fillmore, which the 
company spotted on its rolls and removed. However, even after 
he was removed, the faux former president was still able to gain 
access to the company buildings, meaning any dismissed employee
would have the same access, the Times said.


== 
The information standard is more draconian than the gold
standard, because the government has lost control of the
marketplace.  --  Walter Wriston 
==
http://www.dis.org/erehwon/







Thread