It seems that Internet security often isn't. MIT's Technology Review reports:
You probably haven’t heard of HD Moore, but up to a few weeks ago every Internet device in the world, perhaps including some in your own home, was contacted roughly three times a day by a stack of computers that sit overheating his spare room. “I have a lot of cooling equipment to make sure my house doesn’t catch on fire,” says Moore, who leads research at computer security company Rapid7. In February last year he decided to carry out a personal census of every device on the Internet as a hobby. “This is not my day job; it’s what I do for fun,” he says.
Moore has now put that fun on hold. “[It] drew quite a lot of complaints, hate mail, and calls from law enforcement,” he says. But the data collected has revealed some serious security problems, and exposed some vulnerable business and industrial systems of a kind used to control everything from traffic lights to power infrastructure.
. . .
Over 114,000 of those control connections were logged as being on the Internet with known security flaws. Many could be accessed using default passwords and 13,000 offered direct access through a command prompt without a password at all.
Those vulnerable accounts offer attackers significant opportunities, says Moore, including rebooting company servers and IT systems, accessing medical device logs and customer data, and even gaining access to industrial control systems at factories or power infrastructure.
. . .
Moore believes the security industry is overlooking some rather serious, and basic, security problems by focusing mostly on the computers used by company employees. “It became obvious to me that we’ve got some much bigger issues,” says Moore. “There [are] some fundamental problems with how we use the Internet today.” He wants to get more people working to patch up the backdoors that are putting companies at risk.
There's more at the link.
It's almost unbelievable to think that so many of the control mechanisms for networks society takes for granted - including power grids, water circulation, sewage disposal, railway control units, traffic control centers, and so on - use completely unsecured systems that anyone can access in this way. Why terrorists haven't yet taken advantage of so elementary an error, I really don't know . . . but I'm profoundly grateful!
I think this might be a very good 'litmus test' to assess those in charge of our security establishment. Never mind their (usually self-proclaimed) 'successes' in combating terrorism, or seizing drugs, or what have you - what have they done, and what are they doing, to secure the basic infrastructure on which our society depends? If the answer's not satisfactory, then neither are they - and they should be replaced, at once if not sooner.