Security Corner

Aug 19 2009   2:04AM GMT

Passwords, Again



Posted by: Ken Harthun
Tags: Hacking, Microsoft Windows, Password, Secure Computing, Security, Security maxim

The Sydney Morning Herald reports, “Hackers break into police computer as sting backfires”:

An Australian Federal Police boast, on the ABC’s Four Corners program, about officers breaking up an underground hacker forum, has backfired after hackers broke into a federal police computer system.

Well, if you read the article, you’ll see that they use the term “broke into” rather loosely. It wasn’t much of a break-in, as one of the hackers wrote in a forum post:

The hacker wrote ‘I couldn’t stop laughing’ on seeing that the federal police’s server was running Windows, which is known among hacker communities for being insecure. Police had also ‘left the MYSQL password blank’.

No password! Absolutely ridiculous. These are the police, people responsible for security on many levels, and they don’t even put a password on their database? Unbelievable.

People, come on; there’s only one thing worse than having a weak, easily guessable password, and that’s having no password at all. I can see why the hacker was in stitches; stupidity is often funny, especially when exhibited by people who should know better.

Let me repeat Golden Rule of Computer Security #1: The best security measures are completely useless if you invite attackers into your PCs or networks.

No better invitation than an open door, is there?

2  Comments on this Post

 
  • MichaelSeese
    My guess would be they don't have an IT (or an infosec) guy. Heavens, I hope they don't have an infosec professional who doesn't know to look for default null passwords. Most likely, their sysadmin is "Dave, who is pretty good with computers." -- Michael Seese, author of Scrappy Information Security (http://www.amazon.com/Scrappy-Information-Security-plain-English-Biometrics/dp/1600051324/ref=sr_1_1?ie=UTF8&s=books&qid=1245928166&sr=1-1)
  • Sapran
    Vampires require more special invitation. This server was secure at least from vampires.