National: Voting machine vendor firewall config, passwords posted on public support forum | CSO
A sysadmin at a leading voting machine vendor posted a firewall configuration file, including passwords, into a public Cisco support forum in 2011, opening the company up to possible attack. The config files expose a wealth of information useful to an attacker, including domain name, hostname, and ASA version number. While there is no evidence that the voting machine vendor was compromised, this accidental leakage of information is “juicy intelligence,” Dan Tentler, founder and CEO of Phobos Group, an attack simulation security company, tells CSO. “If you have a crack team of cat burglar types and they’re all going to break into a building, this firewall configuration file is the equivalent of finding the floor plan of the building they are planning to break into,” Tentler says.