Law firm insisted on one password to rule them all

https://image.theregister.com/5269587.jpg?imageId=5269587&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=1200&height=683

Using the admin password, you could be anyone and see anything

PWNED Welcome back to PWNED, the weekly column where we gather lessons from organizations that didn’t take security seriously enough. This week’s tale of woe comes from a company that left a door wide open for miscreants, but was lucky it didn't have to pay the price.

Have a story about someone leaving a gaping hole in their network? Share it with us at pwned@sitpub.com. Anonymity is available upon request.

Our story comes courtesy of a reader we’ll Regomize as Manny. A few years ago, Manny got a job working at a law firm. The firm used him to replace an entire team, making him the de facto IT department all by himself.

He soon discovered that all of the company’s data and applications lived in one large web-based interface, which was divided up based on the type...

Copyright of this story solely belongs to theregister.com. To see the full text click HERE

Read more