Justin Clark, who back in April pinged industrial control vendor RuggedCom over a backdoor that existed in control systems based on its ROS operating system, has turned up a second vulnerability in the form of a hard-coded RSA key. The original backdoor was a simple undocumented account designed to provide admin access in case …
Honestly an undocumented account in this day and age? They must be keen on committees to decide features over @rugged as it certainly sounds like a committee decision. As for the hard-coded RSA key........
Fact is you should not be losing the info that allows you to manage such expensive high-reliance devices, store it securely ffs. Best working practise anyone? .....Guess not especially when you produce smart grid management devices.
Imagine that meeting when the idea got forced on the programmers
Manager1: Hey 5% of our customers have needed help regaining control of our devices over the last financial year. It's costing us to much to provide support to them.
Manager2: How about a super uber secret backdoor to allow them to regain control without having to contact us for support? Thus lowering our support costs even though our parent company *cough* prides it's self on being a service orientated provider of many technologies.
Manager3: Is that unsafe? An attackvectorthingymajig?
manager2: Ok.....(bleet bleet)
Manager3: Ok.....(bleet bleet)
Manager1: Done for the day gents. I'm off for some steak and strippers on the company coin!
- Product round-up Six of the best gaming keyboard and mouse combos
- LinuxCon 2014 GitHub.io killed the distro star: Why are people so bored with the top Linux makers?
- Opinion IT blokes: would you say that LEWD comment to a man? Then don't say it to a woman
- 6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
- Linux turns 23 and Linus Torvalds celebrates as only he can