Come fly the insecure skies, a lesson in IT deployment at one of the largest US airports

C’mon, folks. A simple vulnerability assessment would have discovered this issue.

In what can only be called the mother of all inept network deployments, guest access was left on this Internet-facing content management system and a file marked PUBLIC that was supposed to be only for the staff of the airport had a sub folder called /security which had the airport’s network documentation, security procedures documents, airport terminal hardware manuals and internal financial documents. All of this was found within the first 30 minutes of only basic Googling from his airplane waiting seat, says Halfpap.

The biggest concern is the lack of response from the airport’s IT staff:

Armed with this information he contacted the airport in January 2012 to talk with the CIO or someone in charge of information security. But Halfpap got no response. No voice mails were ever returned. Halfpap tried contacting McCarran Airport via email as well and via its public Twitter account; he got no response.

See via “Come fly the insecure skies, a lesson in IT deployment at one of the largest US airports” on betanews.

About Kevin

Kevin Jarnot is a technologist who lives just South of Boston, MA. He is currently employed as Chief Technology Officer at DebtX, a financial services technology company based in Boston.
This entry was posted in Security, Stupidity, Tech and tagged . Bookmark the permalink.

Leave a Reply