MarkMaunder dot com

NASA's little security oops

October 10, 2009 | mark | NASA

Last night I logged on to NASA’s Mauna Kea observatory live video feed to watch LCROSS slam into the moon. After LCROSS was finished pancaking into the moon and not producing the expected 6 mile plume, I noticed an IP address flash on the top right of the video display. So I hit it with a web browser. I found this:

NASA videoconf system

The big green button was begging to be hit, so I did. And up came a directory:

Picture 4

So I made a call and holy crap the video feed for Mauna Kea stopped and switched to the call I was busy making.

Making NASA call

So I called “Bob’s Office” and watched Bob at his desk for a while, then I called something else and these guys showed up on the feed:

Picture 6

At at this point sanity took over and I realized I’m controlling a federal government video feed that probably still has a few hundred people logged on. So I Googled around for as many email addresses as I could find at AMES Research Center (@mail.arc.nasa.gov) and emailed them to let them know about their open feed. Of course NASA engineers are very busy and probably speak in formulas anyway, so they didn’t reply. But today thankfully the feed is password protected.

Leave a Comment

Your email address will not be published. Required fields are marked *

My name is Mark Maunder. I've been blogging since around 2003 when I started on Movable Type and ended up on WordPress which is what I use to publish today. With my wife Kerry, I'm the co-founder of Wordfence which protects over 5 million WordPress sites from hackers and is run by a talented team of 36 people. I'm an instrument rated pilot and I fly a Cessna 206 along with a 1964 Cessna 172 in the Pacific Northwest and Colorado. I'm originally from Cape Town, South Africa but live in the US these days. I code in a bunch of languages and am quite excited about our emerging AI overlords and how they're going to be putting us to work for them.