Friday, April 10, 2015

TV5Monde interview shows how easily the station can be hacked



Popehat retweeted this pourmecoffee tweet. The link goes to Ars Technica.

In an earlier story I read, the station manager lauded their own security precautions and their firewalls, bragging about having just been audited for security and about the assurances received that their protection is the best available. So this is a really serious and professionally executed violation. There they are, smug in their own top security, claiming even that isn't sufficient, while televising their passwords.

4 comments:

Eric the Fruit Bat said...

I used to think that Post-It notes were the greatest thing since sliced bread but nowadays I don't even think that sliced bread is all that great so I really don't know what else to tell you.

Aridog said...

Before I retired from working for DOD/DA, having your various ID codes and passwords written down and kept anywhere other than your wallet was potentially a firing offense. I had some 10 IDs and passwords for various servers that I had to change every 90 days or less, so memorizing wasn't always easy...but you were expected to keep them secure by at least being in your wallet...that way they were with you and not available to anyone else 24/7.

Those of us who had tele-work permissions needed them with us for use of our VPN access.

The days of taping such information on the bottom of a stapler, or telephone, or under whatever (very common back in the day) were long gone by late in the year 2001. When IT security came through the office you were in, the first thing they did was check staplers, telephones, inside of cabinet doors, desk drawers, etc.

Aridog said...

Actually it was more than 10...here's the list I recall:

CAC Card - Building Entry
CAC Card - Office Entry
CAC Card - Computer Sign-On [local server]
VPN account - remote access off site
Global Server 1
Global Server 2
Global Server 3
Global Server 4

That's 8 sites/applications with distinct ID & Password codes for each = 12 codes. CAC code ID's & VPN ID's remained the same, but the Passwords were different for the applications of it. Each Global Server had its own ID's and Passwords...usable only after signing on via CAC card access for your computer or your VPN access remotely. Thus the 8 = 12 bit. And they changed every 90 days or less. Your CAC card was also your US Army physical ID, that could be "read" by a reader slot, or examined by a guard.

So yeah I get why folks need to write them down, but post them on a wall...please.