CCIE Pursuit Blog

July 29, 2008

SF Network Admin: The Buffoonery Never Ends

Filed under: OT: Humor — cciepursuit @ 8:56 am
Tags:

I though that this piece of the absurd theater had come to an appropriately bizarre ending when Terry Childs gave up his passwords to the mayor of San Francisco, but I was wrong.  Today we find out that the SF DA has made a bunch of usernames and passwords available to the public (ht: jamessmith24):

The office of San Francisco District Attorney Kamala Harris has made public close to 150 usernames and passwords used by various departments to connect to the city’s virtual private network.The passwords were filed this week as Exhibit A in a court document arguing against a reduction in US$5 million bail in the case of Terry Childs, who is accused of holding the city’s network hostage by refusing to give up administrative networking passwords. Childs was arrested July 12 on charges of computer tampering and is being held in the county jail.

Though they placed the passwords in the public record, city prosecutors do seem to think that they are sensitive.

The passwords, discovered on Childs’ computer, pose an “imminent threat” to the city’s computer network, according to the court filing. Childs could use the names and passwords to “impersonate any of the legitimate users in the City by using their password to gain access to the system,” the motion against the bail reduction states.

Although the DA’s office did not say what the passwords were used for, a source familiar with the situation said that they are for logging into the city’s virtual private network, and that this type of information is something that a network administrator like Childs would be expected to have.

Posting these passwords in public creates a security risk, although the passwords are not enough to give a criminal access to the city’s VPN. The passwords are so-called “phase one” passwords, and must be combined with a second password to access the network, the source said.

—Read The Rest Here—

I’m not going to pretend to be a security expert, but even if these area only “phase one” passwords, I would think that it would give hackers a nice leg up on their work.  Why do I get the feeling that the “phase two” password is just NT authentication?  :-)

Of course, even the most half-assed IT department would have required that all users change their passwords once the whole Terry Childs drama began, so everything should be alright, right?  ;-)

About these ads

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 112 other followers

%d bloggers like this: