Backdoor in industrial networking hardware
ROS is designed for service with electricity suppliers and in the transport and defence sectors The Rugged Operating System (ROS), an operating system created by the developers at RuggedCom, contains an undocumented backdoor. RuggedCom, a Siemens subsiduary, specialises in industrial grade networking equipment for "harsh environments" and recommends its switches and servers for use in power plants, oil refineries, military environments and traffic monitoring systems.
A posting on a security mailing list has now documented that all ROS systems have a "factory" user account that, the author says, cannot be disabled. Its password is derived from the hardware address of the network interface; a small Perl script demonstrates how a MAC address of00-0A-DC-00-00-00 turns into a password called 60644375. Read more...
Anonymous breaches San Francisco’s public transport site
The hacking collective Anonymous released personal data on Sunday belonging to more than 2,000 public transport customers in the San Francisco area in retaliation for the Bay Area Rapid Transit (BART) system's shutdown of mobile phone service on Thursday night.
The data came from myBART.org and consists of user names, last names, addresses and telephone numbers for riders who used the website to manage their accounts. On Monday, the site was a blank white page with the message that it was unavailable for "renovation." Read more...