Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Databases Security The Almighty Buck Communications Encryption Government Network Networking Privacy The Internet United States News Technology

Leaky Database Leaves Oklahoma Police, Bank Vulnerable To Intruders (dailydot.com) 16

blottsie quotes a report from The Daily Dot: A leaky database has exposed the physical security of multiple Oklahoma Department of Public Safety facilities and at least one Oklahoma bank. The vulnerability -- which has reportedly been fixed -- was revealed on Tuesday by Chris Vickery, a MacKeeper security researcher who this year has revealed numerous data breaches affecting millions of Americans. The misconfigured database, which was managed by a company called Automation Integrated, was exposed for at least a week, according to Vickery, who said he spoke to the company's vice president on Saturday. Reached on Tuesday, however, an Automation Integrated employee said "no one" in the office was aware of the problem. Vickery was able to retrieve images of various doors, locks, RFID access panels, and the controller board of an alarm system all of which could be previously accessed without a username or password. The database also contained "details on the make, model, location, warranty coverage, and even whether or not the unit was still functional," Vickery said. What's worse is that Automated Integration is far from the only company whose database are left exposed online. "I have a constantly fluctuating list of 50 to 100 similar breaches that need to be reported," he said. "This one just happened to involve a security-related company and government buildings, so it got bumped to the top of my list."
This discussion has been archived. No new comments can be posted.

Leaky Database Leaves Oklahoma Police, Bank Vulnerable To Intruders

Comments Filter:
  • how else will Tina in payroll make her TPS reports!? She has problems sending faxes out, just imagine if she had to follow a rigid security policy insead of just clicking a button on her in-house programmed VBA front end for Access (or excel)!!

    {because competent employees are worth less than pretty ones, if you believe the statistics on employment retention and wages earned. we get what we deserve.}

  • I think it is about time we all agreed the ever growing password and 2 level checking even with a mobile is verging on becoming a complete fail. What we need is an open security standard that not only securely transmits data but allows a user to use their web services "without a password". Im thinking some type of smart dongle with a rotating 2048 bit key with a fingerprint reader built in that can scan up to 10 finger prints (users can have a multi fingerprint login sequence). The dongle should work with m

"Oh my! An `inflammatory attitude' in alt.flame? Never heard of such a thing..." -- Allen Gwinn, allen@sulaco.Sigma.COM

Working...