Digital vandals changed an electronic traffic sign on the Palmetto Expressway in Northwest Miami-Dade county to read “NO LATINOS NO TACOS.” According to NBCMiami.com, the sign was altered sometime early Tuesday morning. By 6 AM, the Florida Highway Patrol and a road crew were working to reset the sign’s message and had turned the sign away from the road.

This isn’t the first time someone has hacked the message on a highway sign. In January 2009, vandals in Austin, Texas changed a sign’s message to read “ZOMBIES AHEAD.”

Lax physical and poor password security

Both incidents should drive home the importance of two fundamental IT security measures–limiting physical access and changing a systems default administrative password.

According to I-hacked.com, road crews routinely fail to lock the access panel which protects a sign’s control pad. And even though the pads are often password protected, many people leave the system’s default admin password in place. And even if the password has been changed, digital miscreants may be able to reset the admin password back to the default with a few keystrokes.

Lax physical security, poor administration, and an easily resettable password made this highway signs an easy target.