From: William Knowles <erehwon@dis.org>
To: DC-Stuff <dc-stuff@dis.org>
Message Hash: 721bf8957f5a40761f6ec699a5ee4da7dc0beb33b8838bde34de5ad7dc129fb9
Message ID: <Pine.BSI.3.95.980209105236.24419B-100000@kizmiaz.dis.org>
Reply To: N/A
UTC Datetime: 1998-02-09 18:58:41 UTC
Raw Date: Tue, 10 Feb 1998 02:58:41 +0800
From: William Knowles <erehwon@dis.org>
Date: Tue, 10 Feb 1998 02:58:41 +0800
To: DC-Stuff <dc-stuff@dis.org>
Subject: Computer design flaw opens airports to terrorism
Message-ID: <Pine.BSI.3.95.980209105236.24419B-100000@kizmiaz.dis.org>
MIME-Version: 1.0
Content-Type: text/plain
NEW YORK (Reuters) [2.9.98] - The computer security systems
that control access to 40 airports worldwide through electronic
badges have a design flaw that could make them vulnerable
to terrorism, the New York Times reported Sunday.
California computer security consulting firm, MSB Associates,
found the flaw in December in a routine audit of a large
California financial services software company, the identity
of which was not disclosed, according to the newspaper.
Government buildings, including that of the CIA, and prisons
and industries with sensitive military, drug or financial
information or material also use the system and are also
vulnerable to attack, the Times report said.
American and British aviation officials have notified airports
of the flaw, the Times said. The system, introduced several
years ago by a small company, Receptors, Inc., of Torrance, CA.,
relies on a secure, isolated computer in a guarded room to
control door-locks and an inventory of electronic badges,
the Times reported.
The company found, however, that in some cases an individual
could dial in to the computer and create security badges and
unlock doors. Receptors' equipment was removed from the House
of Representatives after the Inspector General found that 757
former employees appeared on the rolls of active employees and
had working badges that would have allowed them access to
the House buildings, the Times said.
Receptors' chief operating officer Dale Williams said that the
problem is not with the system but with the way it was installed
in some cases. Some systems were connected to networks instead
of being accessible only by a modem that would only be turned
on when a Receptor employee performed maintenance, Williams
told the Times.
Testing the system, MSB found that the problem persisted as
late as last week in the company they audited, the Times said.
MSB created a fictitious employee, Millard Fillmore, which the
company spotted on its rolls and removed. However, even after
he was removed, the faux former president was still able to gain
access to the company buildings, meaning any dismissed employee
would have the same access, the Times said.
==
The information standard is more draconian than the gold
standard, because the government has lost control of the
marketplace. -- Walter Wriston
==
http://www.dis.org/erehwon/
Return to February 1998
Return to “William Knowles <erehwon@dis.org>”
1998-02-09 (Tue, 10 Feb 1998 02:58:41 +0800) - Computer design flaw opens airports to terrorism - William Knowles <erehwon@dis.org>