Rail Station Wi-Fi Provider in UK Exposed Traveller Data (bbc.com) 19
The email addresses and travel details of about 10,000 people who used free wi-fi at UK railway stations have been exposed online. From a report: Network Rail and the service provider C3UK confirmed the incident three days after being contacted by BBC News about the matter. The database, found online by a security researcher, contained 146 million records, including personal contact details and dates of birth. It was not password protected. Named railway stations in screenshots seen by BBC News include Harlow Mill, Chelmsford, Colchester, Waltham Cross, Burnham, Norwich and London Bridge. C3UK said it had secured the exposed database - a back-up copy that included about 10,000 email addresses -- as soon as it had been drawn to their attention by researcher Jeremiah Fowler, from Security Discovery. "To the best of our knowledge, this database was only accessed by ourselves and the security firm and no information was made publicly available," it said. "Given the database did not contain any passwords or other critical data such as financial information, this was identified as a low-risk potential vulnerability."
People are honest? (Score:2)
When using free wifi and it asks for your name and address why do people give them their real ones?
Usually you just put in "anon@buggeroff.com" as your email and it lets you in. Obviously it records your phone's MAC address but that's still far better than handing over your name and address.
Re: (Score:1)
Yep. BillG@Microsoft.com is gonna be getting a lot of spam. There are systems where you get kicked off the wifi if you don't verify your address within a few minutes of going online, but the UK railway stations have accepted for the last five years (without any proof) that I'm Bill Gates.
Re: (Score:2)
"Yep. BillG@Microsoft.com is gonna be getting a lot of spam. There are systems where you get kicked off the wifi if you don't verify your address within a few minutes of going online"
Then use BillG@yopmail.com or any of the other throwaway email services where you don't have to create an account first.
Additionally, always use a VPN when using such services.
Re: (Score:3)
Re: (Score:1)
Instead of abusing somebodies domain name, like you did, use something that you know is not going to cause any harm, like anon@example.com or abuse@
I use the second one mostly, because it save everybody time to report spam. Another you could use is postmaster@...
However often you need to click on a link to confirm the email address. For that you best have a throwaway account.
Now you and I and everybody here is able to set something up like that, even linking it to a 'real' account if we sol like by using the filters that are possible. The 99% of the rest of the world are not able to do that or to understand why. They will also tell you they use a PC not a MAC. They have NO idea what a MAC address is.
And even if I use a dummy account, the fact remains that using a dummy account should not be needed.
Saying "I know how to solve the problem" is not a solution of the problem. It is a confirmation that the problem exist. What you do is blaming the victim for being a victim.
Agreed using an email which is throwaway is the best solution.
Re: (Score:2)
Comment removed (Score:3)
Re: (Score:2)
Interesting. I had a locomotive with a plaque that said "40 years service, 2012". And this is a mainline railway, mind you, not a heritage railway. Why would you celebrate such historic rolling stock? And it is belching some unimaginable stinky black smoke.
Re: (Score:2)
Use-by Date (Score:2)
Re: (Score:2)
The OP is clearly exaggerating and/or trolling.
Having said that, while the GWR HSTs have been replaced on long distance services, their local services in many areas are still run with old diesels with nothing approaching modern emissions controls, either class 15x DMUs or in some cases shortened HSTs.
The government dodged a bullet because they had specified bi-modes and electric only trains to the same basic design. So when the electrification program hit the rocks they were able to change the great western
Re: (Score:2)
You got a bus? Luxury! Here in Boston we have trains that stop functioning when it gets cold out. To get to your destination you have to wait for the weather to change.
Visit the North (Score:2)
Because Great Western Rail adheres exclusively to a combination of belching diesel trains from the sixties...
I thought GWR just got a whole load of new trains? [gwr.com]. If you want to see a "belching diesel" and a bus at the same time you need to visit the North where the wonderful Northern Rail still runs converted Leyland buses from the 1980's [bbc.com] because they can't get their new ones to work probably because they based them on Boris' Routemaster double-decker.
Can we all agree (Score:3)
That if it's public wi-fi, it is:
(1) Poorly configured
(2) Never patched
(3) Leaking data like a sieve.
(4) All of the above
(5) on purpose.
Re: (Score:2)
VPN on any open wi-fi (Score:2)