Wednesday, November 09, 2005
Riga Airport easy to hack?
A source e-mailed me, then met me at a cafe with wireless internet and proceeded to demonstrate how easy it was to take control of the webserver of Riga International Airport. My source, an IT specialist employed by a respectable company, said it would probably be easy to get into the airport's intranet or internal web, as well as its mailserver. Sensitive information with regard to security, anti-terrorist precautions, etc., could probably be found on both. One reason for this could be that the webserver, at least, was running Windows NT4, as installed in 2000 and that there seemed to be no apparent security precautions.
What was demonstrated to me was how to command the server to access an image from another website, an indication that other commands given by non-authorized parties could be executed or inserted remotely, including malicious code and malware. This will be in my day job newspaper on November 10.
Above is a screenshot of the "experiment". The person in the image has nothing to do with any of this, it was randomly lifted from www.face.lv, a social networking site.