Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Unspoken Taboo - The Never Expiring Password

Posted by CowboyNeal on from the silent-threats dept.

anon writes "Every security savvy professional lives with the daily fear of the "never expiring password" being exposed. It's the unspoken taboo, the wide open back door in every corporate network. But no-one ever acknowledges it or discusses it. All applications have got pre-defined passwords that never change. Which means developers, privileged users and hosting third party service providers will all have access to these passwords."

30 of 537 comments (clear)

  1. I hate to do it.... by Strokke · · Score: 5, Funny

    but I feel the need to expose the world's most sophisticated software. The password....is "password"

    1. Re:I hate to do it.... by ppz003 · · Score: 5, Funny

      Really... My secret password is 1 2 3 4 5.

    2. Re:I hate to do it.... by techfury90 · · Score: 5, Funny

      That's the same combination as my luggage!

      --
      I'm friends with the youngest daughter of the former head of the PowerPC division of IBM you insensitive clod!
    3. Re:I hate to do it.... by passion · · Score: 3, Funny

      quick - what's the combination to the air shield?!

      --
      - passion
    4. Re:I hate to do it.... by kernelfoobar · · Score: 2, Funny

      "I knew it, I'm surronded by assholes!"

      --
      Here we go again!
    5. Re:I hate to do it.... by A+beautiful+mind · · Score: 2, Funny

      You obviously don't have the schwartz in you.

      --
      It takes a man to suffer ignorance and smile
      Be yourself no matter what they say
    6. Re:I hate to do it.... by double-oh+three · · Score: 5, Funny

      No no no, you don't jump straight to the combination on the luggage line. First comes the "that sounds like the kind of combination an idiot would have on his luggage" and then comes your line.

      Another +5 funny could have been milked from that joke, but noooo, you had to ruin it and skip a line.

      This ain't Soviet Russia ya know.

      --
      "For years, I struggled with reality... but I'm happy to say I finally won out over it." -- Elwood P. Dowd
    7. Re:I hate to do it.... by mrchaotica · · Score: 2, Funny

      You say that as if it's a bad thing -- what, do you want somebody's schwartz in you?!

      Never mind, I don't want to know!

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    8. Re:I hate to do it.... by doubtless · · Score: 4, Funny

      One of the funniest quote I read from bash.or goes something like this

      tech support: what's your password?
      user: ******
      tech support: .....
      user: really, it's ******. now you don't even know if i'm really stupid or really smart.

      --
      geek page at KY speaks
    9. Re:I hate to do it.... by Associate · · Score: 2, Funny

      Oh shit. There goes the whole thread.

      --
      Someone hates these cans.
    10. Re:I hate to do it.... by j-turkey · · Score: 5, Funny
      My favorite bash.org password quote:

      [Cthon98] hey, if you type in your pw, it will show as stars
      [Cthon98] ********* see!
      [AzureDiamond] hunter2
      [AzureDiamond] doesnt look like stars to me
      [Cthon98] *******
      [Cthon98] thats what I see
      [AzureDiamond] oh, really?
      [Cthon98] Absolutely
      [AzureDiamond] you can go hunter2 my hunter2-ing hunter2
      [AzureDiamond] haha, does that look funny to you?
      [Cthon98] lol, yes. See, when YOU type hunter2, it shows to us as *******
      [AzureDiamond] thats neat, I didnt know IRC did that
      [Cthon98] yep, no matter how many times you type hunter2, it will show to us as *******
      [AzureDiamond] awesome!
      [AzureDiamond] wait, how do you know my pw?
      [Cthon98] er, I just copy pasted YOUR ******'s and it appears to YOU as hunter2 cause its your pw
      [AzureDiamond] oh, ok.
      --

      -Turkey

    11. Re:I hate to do it.... by Schraegstrichpunkt · · Score: 2, Funny

      If someone mentions Hitler on Ice, does that invoke Godwin's Law?

      --
      http://outcampaign.org/
  2. Oh no! by Anonymous Coward · · Score: 5, Funny

    The locksmith just changed my locks! Did he keep a copy? Is he trustworthy? I don't know... Shit! All applications have passwords? Could someone tell me how to hack notepad? I forgot I needed a password. Someone must have left it unlocked on my rig. Probably a hacker.

  3. !seineew by Leebert · · Score: 5, Funny

    !seineew era sreenigne epacsteN

  4. Write your changing password on a Post-It by Anonymous Coward · · Score: 5, Funny

    After IT enforced monthly changing passwords requiring so many letters with numbers in between, now I write it on a post-it note and stick it on the monitor.

  5. Re:Hardcoded userids and passwords? by s1ashd0twh0r3 · · Score: 4, Funny
    What decade was this article written in? Who the hell 'hard codes' a user id and password into web based applications?

    It was written in 1972, back when all web-based applications were written in machine code. Don't you know anything about computer history?

  6. Re:All applications have what? by Dausha · · Score: 5, Funny

    "Huh? What applications have these?"

    Solitare, Minesweeper, Frogger.

    --
    What those who want activist courts fear is rule by the people.
  7. Re:guilty by Anne_Nonymous · · Score: 4, Funny

    >> adult hosting site. One day, just for the hell of it, I pulled out the top ten passwords.

    Drum roll please, Anton...

    10. Wank
    9. Jerk
    8. Milk
    7. Yank
    6. Spank
    5. Rub
    4. Beat
    3. Whack
    2. Jack
     
    ...and the number one porno password...

    1. Off

  8. Re:Missing facts, or the truth? by Sugar+Moose · · Score: 2, Funny

    ...that will give a cracker access...

    What makes you so sure he's white?

  9. The Password by Ruff_ilb · · Score: 5, Funny

    "
        Many years ago I was acting as the system administrator for a test system in a large publicly held company. Periodically I would receive a call from someone who had not accessed the system recently, forgot their password and locked themselves out trying to logon. I would look up their password and unlock the system for them and they would go on their merry way.

            One day I received a call from a young lady who was in just such a predicament. I looked up her password and informed her that it was 'DOME' and, just to be playful, told her the price for me being gracious enough to unlock her sign-on was an explanation of the meaning of her password. She became very embarrassed over the phone and pleaded that she could never reveal her secret. I of course replied that I would not give her system access until she did. After negotiating for several minutes she finally acquiesced but made me promise to never reveal her password meaning to any of her colleagues to which I gladly agreed.

            "Well, what does it mean?", I asked.

            She hesitated and then replied, "It's two words."

            There was pregnant pause. I unlocked her system and simply said, "Have a nice day".

    "

    --
    http://www.TheGamerNation.com/Forums
  10. Re:guilty by The+Amazing+Fish+Boy · · Score: 5, Funny
    how many of us computer-savvy are guilty of doing this for our login accounts, web banking, Email, etc? I know i am.

    Sadly, I am guilty of this as well.

    He wasn't kidding, folks!
  11. Re:COLO's the worst from experience scarly by Jaxoreth · · Score: 5, Funny
    As a rule as a admin you should constantly try cracking your own systems passwords, each one you get that user owes you beer. Least they can do for potentialy saving there job and your company.
    And don't invest in any firm whose sysadmin is constantly drunk...
    --
    In general, it is safe and legal to kill your children. -- POSIX Programmer's Guide
  12. Re:Revent case of that in Japan by Anonymous Coward · · Score: 5, Funny

    Couldn't they just intall locks?

    No, of course not. That would ruin the story.

  13. Fluffy by quokkapox · · Score: 4, Funny
    The best security strategy is to simply use your cat's name as your password.

    As long as you rename your cat frequently.

    I just wish z8gderfgh wouldn't claw the furniture all the time.

    --
    it's a blue bright blue Saturday hey hey
  14. Re:Hardcoded userids and passwords? by Khashishi · · Score: 3, Funny

    Simple.
    Don't store the password in a text file. Put the database login and password in a database. Then put the login and password for that database in another database. And so on.

  15. Smell brand computers... by Anonymous Coward · · Score: 2, Funny

    "Every security savvy professional lives with the daily fear of the "never expiring password" being exposed. It's the unspoken taboo, the wide open back door in every corporate network. But no-one ever acknowledges it or discusses it.

    My favorite is the one Dell forces onto corporate customers so they can support them:

    Username: admindell
    Password: delladmin

    All applications have got pre-defined passwords that never change.

    All is a pretty strong word. It kinda makes that sentence complete horse shit.

  16. I did once work by void+bear(void) · · Score: 2, Funny

    for a company which handled a LOT of oil industry data. They had a windoze domain admin account for sophos to do it's stuff to all the pcs. The password was 'antivirus' an audit team got it on their third guess.

  17. My password is my cats name... by felixdzerzhinsky · · Score: 2, Funny

    Its been said previously on /. that the best thing to do is make your password the same as your cats name. Mine is 25@jDWQ0! and I change her name every thirty days.

    --
    "Flags are bits of colored cloth that governments use first to shrink-wrap people's brains..."
  18. Re:guilty by thebiggs · · Score: 5, Funny

    My password is a 256 character random string intialized by digitizing the braying of six donkeys on a semi-daily rotating basis. Once the braying is digitized, and the seven-factor hash table is used to generate the string, it is transfered via secured lasercable to the memory unit of a Sony Aibo. The Aibo has been specially modified with a woodburning unit, and the password is then burned onto a piece of burnished cherry wood, which I am then allowed to view for exactly twelve seconds before it is ground into a very fine sawdust.

    All of this takes place behind a triple-secure double-blind firewall, inside a bunker which is encased in twenty-three feet of reinforced concrete and surrounded by a moat with biometrically activated piranhas.

  19. Re:guilty by hal200 · · Score: 2, Funny

    You actually trust the SONY Aibo?

    --

    I just want to take over the world...Why does that automatically make me EVIL?