Re: Police secret password blunder

[Anthony Rodgers <cunningpike () gmail com>]

That this is shoddy programming is beyond question, but only if the  
users concerned reused their high-security network passwords to sign  
up for an external mailing list is this a genuine security issue, in  
which case is it the cluefulness or lack thereof of the users that is  
the real security issue.
--
Anthony Rodgers
cunningpike () gmail com

"Genuinely objective journalism not only gets the facts right, it  
gets the meaning of events right. It is compelling not only today,  
but stands the test of time. It is validated not only by 'reliable  
sources', but by the unfolding of history. It is journalism that ten,  
twenty, fifty years after the fact still holds up a true and  
intelligent mirror to events." - T.D. Allman.


On 5-Apr-06, at 9:51 AM, Brian Loe wrote:

> At least they've gotten rid of the page...now you have to go by the
> cached page. :)
>
> On 4/5/06, Jeff Rosowski <rosowskij () ie ymp gov> wrote:
> > > Why stop there? It gets better if you are a little more patient:
> > > http://www.google.com/search?q=%22View+TABLE%3A%22+ID+%22Full+Name 
> > > %22+email+password+Organization+site% 
> > > 3Acustomscripts.police.nsw.gov.au&btnG=Search
> > >
> > > Hey, Nicole and Webb have the same password as me!
> >
> > I'm still wondering why the passwords were being stored as plain  
> > text.
> > _______________________________________________
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.