
where jurors have been told they can keep their hands, coats and gloves on
Well, I guess the latter two are optional, but the first? I thought that sort of thing was more the province of the Taliban?
Nearest thing to a legal icon --->
The Ministry of Justice has secured a set of Wi-Fi access points that potentially gave admin access to industrial control equipment after a tipoff by The Register. Four unsecured wireless networks named "Boiler Pump 1" to "Boiler Pump 4" were freely accessible in the Royal Courts of Justice (RCJ) until The Register told …
I bet you are not far off. A few years ago a case made waves in Slovakia where an underage "hacker" broke into the main Internet-facing gateway/mail server of the country's national security bureau (abbr. NBUSR) with root password, no joke, "nbusr123". If I recall the fallout correctly the office proceeded to file a complaint with the police against the youth and assign one official to sit in front of a KVM screen all day, monitoring traffic, and to disconnect the RJ-45 connector at the end of their shift, rendering the Internet presence of the bureau to be accessible within official hours only. The authorities saw no problem in any of said steps.
A while ago I discovered that PlusNet had secured their supplied router from their end (administration accessible from the WAN! Secure? Really?), locking the LAN admin out from managing the DHCP server. I replaced it. The new one insists, straight out of the box or from a factory reset, that the user change the password before going on to set up the external connection, so at least somebody does it right.
Bonus points if the "create a new passwd to continue" page is done by a different group to the login page and used different JS to validate valid passwd
Yes, looking at you, <$Bn network company>, who sanitises username/passwd so they can't start with a $ but does allow that at the initial setup prompt
Yup, had that with a (I think) banking password.
Created a password. It then prompted for a username/password but wouldn't let me in with the newly created password as it didn't conform to their password standards... then to top it all, it wouldn't let me use 'lost/forgotten password' as I hadn't yet got to validate the username
(and I obviously couldn't create a new ID as the credentials are already assigned)
If people were then wearing coats inside, then I suspect the entire heating system has been disabled instead! Maybe no-one on site has the ability to do anything more?
I'm sure a 'consultant' will be along any time soon once s/he's had their pockets stuffed with wads of cash ...
Let me guess: They opened a support ticket about the cold, but support couldn't access the system via wifi to adjust the setting. So the first ticket remains open, and now there's a second ticket to restart the wifi.
Why has nobody asked the obvious question of "Why does it need a WiFi presence in the first place ?"
The physical security offered by a cable connection on something that shouldn't need any real ongoing configuration should be the default as this sort of kit will generally be in a physically secured location to start with.
I bet the same sort of thing happens on Bluetooth connections for similar reasons.
Here I am freezing my 'nads off, huddled round a 'facilities management'-supplied fan heater, 'cos the building's heating has failed AGAIN! Alternatively I could drag myself out into the stairwell as the (pointless!) radiators there are the only ones that seem to be working
Hacked WiFi... you're kidding me... if it's 'automated' it will be via a 300bps dial-up modem connected to a black box in the basement... more likely to be some clockwork set up to strike a match every morning
I used to control (many) boiler houses by just that method - a 300 Baud modem made by Case, a runtime environment apparently programmed in Pascal running on a HP computer (not a PC compatible - HPIB for the win!) and orange boxes in the remote boiler houses (those who know will know!).
We were updating the boilerhouses to 1200 Baud modems at vast expense (£100ish each at the time; back then £100 was really something, not what you might piss up against the wall on a Friday night), but often the 300 Baud beast was the only thing that could tolerate the shocking lines BT generally provided; as far as I could tell it would happily connect over a piece of wet string.
Those were the days...
/me sobs into the morning tea remembering the good old days and mine's the one with white beard hairs down the front.
How visible are these WAPs?
I had a logger installed recently, in the loft, as part of the solar panel system.
The main installation is terrific but the electrician who installed the logger is not an IT type.
The result was a massively insecure pile of amateurism that also flooded 2.4g on our router.
This has since been corrected (by me), and a new WAP installed, upstairs, to ‘suck’ the traffic.
Sometimes it is just lack of knowledge but.... at the RCJ?
> The ancient right of every Briton to enter a courtroom and sit in the public gallery watching the proceedings ...
This presumably extends to every Briton watching everything happening on the court WiFi.
There's nothing new. Decades back they added key-card entry to my school buildings. The installers never asked for an IP but I found their gear squatting on "my" subnet. OK, but 69 seconds in Google had me the docs and the default password, and 13 seconds more to try and succeed to get all privilege on their security boxes. I didn't touch nothing (I swear!) but dropped a note to university net-ops cc:security woman.
I still wonder how many OTHER jobs those installers walked away from (and cashed the payment for) while leaving them wide-open to any kiddie-hack in sight?