Daily Archives: 2007-02-25

(In)security at the University of Birmingham

I travelled to the University of Birmingham on Friday to give a guest lecture to their undergraduates on Anonymity and Traceability. It was given in a smart new lecture theatre, which had what Birmingham apparently call a lectern PC at the front with buttons to give the speaker control of the room’s AV devices and lighting, along with a proper PC running various Windows applications, so you can plug in your USB flash drive and display your material.

As you can see from the photo, they have a rather trivial security model for using this PC:

Birmingham Lectern PC with text “Username=user” and “Password=user&2006”

The text (apologies for a rather fuzzy photo) says: "Username=user" and "Password=user&2006".

With a little thought, it can be seen that most likely this isn’t really a security issue at all, but a software design issue. I rather suspect that there just isn’t a way of turning off the login function, and the PC can’t be used to access any other important systems — and no-one wants to see lectures delayed if the password isn’t to hand. That’s undoubtedly why they’ve used proper Dymo-style tape for the information, rather than relying on the traditional yellow sticky, which could get lost!