[EAS] EAS Zombie Attack

Alex Hartman goober at goobe.net
Tue Feb 12 11:03:12 CST 2013


Sigh...

I hate to do it, but "I told you so" seems fitting.

The EAS system with an ethernet port is just a simple bad idea.
They're made by broadcasters, not IT experts. The login system to the
EAS boxes should be a shared-key system, and ALWAYS be behind a
competent firewall or at the very least a NAT box with no open ports
going to it to protect it. Using passwords has always been inherently
insecure; even using HTTPS, that password can still be sniffed by a
simple man-in-the-middle attack.

I would petition the BWWG that some standard be implemented (and
required) to force the end user to create an absolutely random
password, and the box "expire" those passwords after "X" number of
days...

Show of hands to those who are still using their same passwords from
10 years ago?  Or have a "standard" password for administrative
functions at the station?

I'm guilty of both those things as well.

--
Alex Hartman
 
 


