Tuesday, July 20, 2010

Dinosaurs [in the county court]

So ... I was in the Cook County Court in Rolling Meadows, IL Monday morning.

The reason doesn't matter ... OK, I had a "great driver" citation I had to take care of ... but as I was called up to the counter I started getting that sinking feeling in the pit of my stomach.

As I glanced over to my left, as she was typing, I noticed a few things.  First, her machine was running Windows XP, which I guess isn't all that bad considering the pace of change in local government and technology.  I mean, didn't they just get off of rotary phones like last year?

Next, I noticed that the screen she was typing into was one of those emulated VT100 screens, running some proprietary terminal application connected to a server at 10.100.101.98 on port ...*facepalm*... port 23.

That's right kids, this was my vehicle and drivers history all at her fingertips over telnet.

Now - before I freaked out I reminded myself that this was a closed-ended network ...and that it was probably pretty hard to get onto their network... that is until curiosity got the best of me and I turned my iPhone's WiFi antenna on... and found that there were 4 networks in range, one appropriately titled "Clerk_Gen" running ...wait for it ... WEP encryption.

Alright, I stopped short of hopping onto their network and connecting to that VT100 terminal to find anything I could  ... but how hard would that be?  I mean, seriously?  They're using telnet obviously clear-text and they're using WEP encryption for their wireless access points?

I give up.

2 comments:

Chris said...

Moral of the story: Chicagoland blackhats don't get speeding tickets...

Go take a look at the version of Oracle portal that's running iPass some time...

Joseph Katz said...

you are making one very large assumption. That what ever unix box running their database is connected to the wireless network. My guess would be no. When I worked for the state, we had wifi but it was only for external connections. Networked hard drives, databases etc were only accessible via LAN.

Don't get me wrong, they were hot on security, it was just different contracts. Internet was outsourced.

Google+