We discovered a serious vulnerability in the Known Crewmember (KCM) and Cockpit Access Security System (CASS) programs used by the Transportation Security Administration.
If Security through Obscurity isn’t working, consider Security through Stupidity, I guess.
I worked with some oilfield SCADS folks in the early 2000’s who used open IP for their valves, who were very convinced no one would use their equipment because “no one knew they were there.” At some point, it’s no longer trust in good actors.
Compliments to the authors, someone owes these guys challenge coins.
If Security through Obscurity isn’t working, consider Security through Stupidity, I guess.
I worked with some oilfield SCADS folks in the early 2000’s who used open IP for their valves, who were very convinced no one would use their equipment because “no one knew they were there.” At some point, it’s no longer trust in good actors.
Compliments to the authors, someone owes these guys challenge coins.
Good ol’ hanlon’s razor.