Information Security News mailing list archives
UK intelligence agency stores passwords in plain text
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 26 Mar 2013 01:49:40 -0500 (CDT)
http://www.zdnet.com/uk-intelligence-agency-stores-passwords-in-plain-text-7000013113/ By Michael Lee Securify This! ZDNet.com March 26, 2013There are some government agencies that most would expect to have a fair grasp of security, even for those systems that are not core to their operations. That's what we thought with the Australian Tax Office's Publication Ordering System, but sadly, we were proven wrong.
University student Dan Farrall discovered that his UK government's communication headquarters (GCHQ) careers site has been sending back passwords in complete plain text. For those of us outside of the UK, GCHQ is one of Britain's intelligence agencies, dealing primarily with signals intelligence and charged with "safeguarding Britain's electronic communications and digital space".
It works with the nation's security services and secret intelligence services MI5 and MI6, and is thought of as the counterpart to the US National Security Agency or Australia's Defence Signals Directorate.
As Farrall pointed out on his blog, apart from the harm to its reputation, the sort of information that would be held within these systems would be significant.
[...] ______________________________________________ Attend #HITB2013AMS April 8th - 11th in Amsterdam. Featuring over 42 international speakers and keynotes by Bob Lord and Edward Schwartz http://conference.hitb.org
Current thread:
- UK intelligence agency stores passwords in plain text InfoSec News (Mar 25)