Information Security News mailing list archives
Ex-CTA employee reported a security glitch, then he was fired, lawsuit alleges
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 5 Dec 2019 08:20:44 +0000 (UTC)
https://www.chicagotribune.com/business/transportation/ct-biz-cta-bus-system-lawsuit-bus-alerts-20191204-hk4aydeo2jah5icvfnj24a4e2a-story.html By Mary Wisniewski Chicago Tribune December 4, 2019A former CTA computer programmer has sued the agency, alleging that he was forced to resign for pointing out a security flaw in the bus alert system.
Christopher George Pable, 34, of the Austin neighborhood, filed a whistleblower complaint against the CTA and technology company Clever Devices Ltd., a CTA contractor from Woodbury, New York, in federal court in Chicago this week.
Pable had worked on CTA’s information technology systems, including a Clever Devices system called “BusTime” that broadcasts alerts about buses to the public, the lawsuit says. BusTime provides estimated arrival times and alerts to riders, such as when a bus has to be rerouted. Customers get alerts through emails, on the CTA website or via electronic signs in stations.
Pable discovered a security flaw — or “skeleton key” — in BusTime that could allow unauthorized access into the system, the lawsuit alleges. Pable told his supervisor, Michael Haynes, who decided to test the skeleton key by issuing an alert on the Regional Transit Authority for Dayton, Ohio, which also had BusTime, the lawsuit alleges.
[...]
-- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
Current thread:
- Ex-CTA employee reported a security glitch, then he was fired, lawsuit alleges InfoSec News (Dec 06)