Oops - SF prosecutors put city passwords on public record San Francisco prosecutors have put the city's network at further risk by placing access passwords and usernames on the public record as part of their case against Terry Childs, the sysadmin alleged to have hijacked the city's wide area network. A list of 150 usernames and passwords of city officials was submitted to court as …
I thought that too, I read something somewhere about a co-worker saying he was very good at his job, but a little over-zealous about protecting his network.
If the passwords and usernames are now public so soon after he coughed them up it should prove that he was dead right in being so protective in the first place.
[quote]Childs could use the names and passwords to "impersonate any of the legitimate users in the City by using their password to gain access to the system,"[/quote]
Yes, but the questions is, "did he?"
Check the logs people... if you can figure out how.
Admins in poorly structured environments often find themselves in possession of privileged information they don't need to do their job. It is amazing how willingly and frequently some end-users will give up passwords without even being asked.
Email received: "I need help with my VPN. My user name is mdouglas and my password is salguodm. Please fix ASAP!"
Can he help it if some people are morons? Isn't that the point of his defense?
Yes, they are proving his point by doing what they did... I hope his lawyer seizes the opportunity.
Unfortunately, the jurors may be just as technically illiterate as the city managers...
Paris Hilton knows more about Information Security than these guys.
So they went from nobody being able to access the network to anyone who stumbled across the court records before they were amended being able to access the network? Mr Childs would be justified in saying "told ya so" right about now.
Mine's the one with "Free the San Francisco One" stenciled on the back.
I don't really blame this guy - LOOK WHAT SF DID !!! put the user names and passwords on PUBLIC records?!!?!? What a bunch of dweebs!!!
I guess that this guys fear of the SF city not using the info correctly - was right!!!!
I mean come on - how many of those passwords where even changed after they where on public record? Not many of them, and if so - not changed very much!!
If the darn city can not keep themselves from publishing the info - how are they going to store them? Whom else now has access? - DUH people!
Remember that the "the four most-used passwords are: love, sex, secret, and..." - Hackers - the movie ( thanks IMDB)
America is so great, powerful so IT literate that the grave mistake they make is in their network architecture design, then they let some guy have control over the *entire* network, then they prosecute him and release the passwords in public documentation.
How stupid can this country and its people be?
Bring back WOPA, it could do a better job.
Think The Judge was locked out of his network for a few days? Maybe?
Being a former consultant for a municipality, You are the stool to the Cities noose when in that position. You have too much, WAY too much power over such a network. Part of the reason I stopped. Lacks of checks and balances, and if you try and give them checks and balalnces, they get scared.
Childs (who was responsible for the security of the network) is charged for refusing to provide admin credentials without a justified need, while city officials are not charged for providing the credentials to the world + dog!?!?!
Oh the irony
I hope Childs has a good lawyer who can capitalize on their stupidity as I hate to see someone penalized for following industry "best practice".
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
