Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Government Security Databases Privacy Transportation

Security Lapse Exposed New York Airport's Critical Servers For a Year (zdnet.com) 45

An anonymous reader quotes a report from ZDNet: A security lapse at a New York international airport left its server backups exposed on the open internet for almost a year, ZDNet has found. The internet-connected storage drive contained several backup images of servers used by Stewart International Airport, but neither the backup drive nor the disk images were password protected, allowing anyone to access their contents. Since April last year, the airport had been inadvertently leaking its own highly-sensitive files as a result of the drive's misconfiguration. Vickery, who also posted an analysis of his findings, said the drive "was, in essence, acting as a public web server" because the airport was backing up unprotected copies of its systems to a Buffalo-branded drive, installed by a contract third-party IT specialist. When contacted Thursday, the contractor dismissed the claims and would not comment further. Though the listing still appears on Shodan, the search engine for unprotected devices and databases, the drive has since been secured. The files contained eleven disk images, accounting for hundreds of gigabytes of files and folders, which when mounted included dozens of airport staff email accounts, sensitive human resources files, interoffice memos, payroll data, and what appears to be a large financial tracking database. Many of the files we reviewed include "confidential" internal airport documents, which contain schematics and details of other core infrastructure.
This discussion has been archived. No new comments can be posted.

Security Lapse Exposed New York Airport's Critical Servers For a Year

Comments Filter:
  • What is up with companies putting every machine they have on an open internet connection?
    Once there used to be well considered decisions on what bits of the corporate infrastructure needed to be exposed at all.
    Do they now hire just anybody who knows how to type a password by himself, and say "go for it! set up our security!".

    • My nephew is about to graduate from high school, and he's real interested in computer security... I think he's well qualified for that job of yours... don-cha-know?

    • by Anonymous Coward

      Do they now hire just anybody who knows how to type a password by himself, and say "go for it! set up our security!".

      This is what you get when a company views IT as strictly an expense that should be minimized, not an asset that keeps your shit working and secure.

  • by msauve ( 701917 ) on Friday February 24, 2017 @05:25PM (#53926095)
    Now there's an enterprise class backup solution! I take it this "IT specialist" was promoted from the ranks of Yahoo.
  • by Anonymous Coward

    Stewart is a relatively small airport They handle a relatively small number of commercial flights in a day. A minor number are international. It qualifies as an international airport by virtue of having customs and handling a few international flights, but at least this somewhere like Newark Liberty or JFK, it's an airport way out in the country in Orange County, an hour from NYC. Making a mistake like this at an airport this size, while in excusable, is not a shock.

    • Oh, it's even better than that. They call themselves "international", but they don't actually have a *single* scheduled international flight at this time. They do have an agreement with Norwegian to start flying from there to Europe, but with only three flights per day. (And Norwegian's website won't even let you select Stewart as a destination or point of departure, yet).

      And courtesy of the Bureau of Transportation, as of November 2016 they have only *eight* scheduled flights per day in *total* to any de
      • by tlhIngan ( 30335 )

        Oh, it's even better than that. They call themselves "international", but they don't actually have a *single* scheduled international flight at this time. They do have an agreement with Norwegian to start flying from there to Europe, but with only three flights per day. (And Norwegian's website won't even let you select Stewart as a destination or point of departure, yet).

        And courtesy of the Bureau of Transportation, as of November 2016 they have only *eight* scheduled flights per day in *total* to any dest

  • by Anonymous Coward

    I've been flown out of Stewart a couple of times. It's the departure point for New York area Federal prisoners bound for FTC Oklahoma City and other points. The US Marshals drive buses and vans from all over the area (MDC Brooklyn, MCC Manhattan, Danbury, Ft. Dix, etc.) every Tuesday and Thursday afternoon to Stewart to meet a white, unmarked JPATS jet (737 or MD-80). Prisoners are usually in paper jumpsuits, shackled ankles, wrists, and waist, and are patted down on the apron next to the jet.

    Transfer ta

  • The external I.T. support guy didn't know you can shut that shit off, or at the very least put a decent hardware firewall in front of it?

You know you've landed gear-up when it takes full power to taxi.

Working...