Justin Clark, who back in April pinged industrial control vendor RuggedCom over a backdoor that existed in control systems based on its ROS operating system, has turned up a second vulnerability in the form of a hard-coded RSA key. The original backdoor was a simple undocumented account designed to provide admin access in case …
Honestly an undocumented account in this day and age? They must be keen on committees to decide features over @rugged as it certainly sounds like a committee decision. As for the hard-coded RSA key........
Fact is you should not be losing the info that allows you to manage such expensive high-reliance devices, store it securely ffs. Best working practise anyone? .....Guess not especially when you produce smart grid management devices.
Imagine that meeting when the idea got forced on the programmers
Manager1: Hey 5% of our customers have needed help regaining control of our devices over the last financial year. It's costing us to much to provide support to them.
Manager2: How about a super uber secret backdoor to allow them to regain control without having to contact us for support? Thus lowering our support costs even though our parent company *cough* prides it's self on being a service orientated provider of many technologies.
Manager3: Is that unsafe? An attackvectorthingymajig?
manager2: Ok.....(bleet bleet)
Manager3: Ok.....(bleet bleet)
Manager1: Done for the day gents. I'm off for some steak and strippers on the company coin!
- Asteroid's DINO KILLING SPREE just bad luck – boffins
- Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
- Stick a 4K in them: Super high-res TVs are DONE
- BEST BATTERY EVER: All lithium, all the time, plus a dash of carbon nano-stuff
- Review You didn't get the MeMO? Asus Pad 7 Android tab is ... not bad