Auctioned server becomes security nightmare

A VPN server that was bought for less than a dollar on eBay proved to be a security nightmare as the new user found that it automatically connected itself to private networks.

Andrew Mason from Random Storm, a UK-based vulnerability management firm, picked up the Cisco virtual private network (VPN) server from eBay in August. When he plugged the device in, it connected itself to an English metropolitan borough's servers.

A spokesperson for the borough, Kirklees, said it was a reason for concern, but remained confident that “multiple layers of security” prevented access to data. The spokesperson said, “In the meantime the disposal process has been suspended until an investigation can be carried out and appropriate action taken.”

Richard Farnworth, general manager, Enterprise Solutions, NEC (UK), said: “Protecting networking equipment and network topology is just as important in preventing security breaches as the recent spate of laptop, CD and memory stick losses we have seen. This latest announcement should not only act as a wake-up call to others, but demonstrated the growth in utility and appliance-style computing where the data and the intelligence is as much inherently ‘in’ the network as those devices that connect to the network.”

He added: “As so much dependence is placed upon connectivity in the ‘networked society’ we belong to, it is imperative that both public sector organizations and commercial businesses take special care when disposing of any IT products. It will not come as a surprise that many ‘black box’ devices hold configuration information within them and even consumers have cottoned on to the importance of securing their wireless networks at home, wiping hard disk drives before disposing of PCs and clearing memory banks in mobile telephones before sending them off for recycling.”
