Computer security is about finding front doors

This excellent little piece in Wired tells about a security researchers who could spy on corporate meetings by simply scanning for conference phones with “automatic accept” configured:

Using a program that Moore wrote, the researchers found the conference rooms by scanning the Internet for videoconference systems that were set up outside firewalls and configured to automatically answer calls.

In less than two hours, they found systems installed in 5,000 conference rooms around the country, including an attorney-inmate meeting room at a prison, an operating room at a university medical center, and a venture capital company where prospects were pitching their companies while laying out their financial details on a screen in the room.

As I always say – introduce too complex technology and too onerous password rules, and you end up with people using the same password for everything, ditching passwords altogether – or writing the password on a Post-It note and taping it to the back of their keyboards.

Advertisements