Slashdot Mirror
Bad Password Allowed Swedish Watergate
fredr1k writes "The Swedish Watergate reported earlier this week was possible because of the usage of terrible weak passwords (Swedish) and a not functional IT policy. The Swedish newspaper Göterborgs-Posten reports the source of the password was a partymember who's account was "sigge" with password "sigge" and was "stolen" in march this year. Seasoned Slashdot readers would call it "a-not-so-hard-to-crack-password". "
Seasoned Slashdot readers would call it "a-not-so-hard-to-crack-password".
I would have thought a snotty-nosed 11-year-old would regard that password as not-so-hard-to-crack. Oh well, nothing to see here, move on please...
I've got the same password on my briefcase!
Let's not forget the user who actually had a decent password.
uid: schef
pwd: mmborkburdyhurdymurdy
Those who believe the Internet is private,
find their privates are on the Internet.
There are atleast three ways this password could have been found. a) My brother lives in the town where these passwords were leaked, and he said that their office use unencrypted WLAN. b) The guy who presumably leaked it is in the office right next to the guy called 'Sigge'. c) As the article thinks: The password was very easy to crack. The latest rumour is that the guy who leaked the password (the left party) had a homosexual affair with the guy who *used* the password (the right party).
c++;
The Swedish newspaper Göterborgs-Posten reports the source of the password was a partymember who's account was "sigge" with password "sigge"
My next password is going to be Göterborgs-Posten.
Try cracking that.
They're politicians, not security experts. I hear about this sort of problem all the time... in my own workplace, we talk about the people on the 3rd floor with their one-character passwords and machines that are hacked into on a daily basis.
In the end of course, the system administrator is going to catch heat for not having a strong password policy. Even though he/she would've caught hell if there had been one implemented in the first place.
This is all too common in many places. One company I worked for, about.. 1/3 to 1/2 of the users used some form of their name, and a number incrementation. I freaked out one who was *-18 asking him.. "so, you've been here a year and a half?" He had no idea how I did the math on that one.
Eventually, we put in place a very, very restrictive password policy. No incrementing numbers, no password similar to last month's password, etc. You wouldn't believe the riots in the streets. But, we held firm, and eventually, the noise died down, and everyone finally is using more secure passwords.
{} ------ When I think of a good sig, I'll put it here
President Nixon: iam!acrook
President Clinton I: hopemyhusbanddoesntfindoutaboutthepassword
President Bush I: anybodybutmysons
President Clinton II: wishmyhusbandtoldmemonicawasbi8yearsago
President Bush II: 12345
President Quayle I: potatoe
Don't blame me for that last one. My password was "colbertstewart2012".
Here is the real question.. Is it a USER problem or an ADMINISTRATOR problem. Sounds like they need to hire a new IT director with a since of security. If that IT director allows passwords like that he probably also is running a firewall hosted in a Windows XP Pro machine and ICS and no service packs or hot fixes. All of the internal IP addresses are 192.168.x.x because of ICS so I'm sure the server is .1.
Heck, the director might have even turned on Remote Desktop Administration on the box so he could manage it from home without a VPN and the administrator accounts password on that box is either blank, password, or god.
Well, best of luck to their director or whomever is in charge of their computer network.
Obama = Socialism.
This is non-news. What happened was a member of the Social Democrats youth section _gave_ a username and password to a former member in the Liberal Party (which are not liberal at all BTW) youth section, around 2005! Of course, as the Social Democrats are about to lose the election (september 17th) they use this "news" to spread some primitive form of political FUD about the opposition.
You know, in my department we've found that a great way to introduce users to more complicated passwords is to introduce them as keyboard pattern passwords.
;)
Of course we have complexity requirements, but it's amazing how a user can find a way to simplify a complexity requirement. Think a user unknowledgeable, but never think a user unclever - I always say...well, actually that's the first time I've said that...back to my point.
While these patterned passwords may not be as hard to crack as truly random passwords, they are at least non-semantic.
for example 1al02sk93dj8 - I imagine this password is probably pretty common, but if it were scrawled on a stickynote on someones monitor it would discourage causual account browsing by a coworker.
Does anyone know if brute-force methods take into account keyboard patterning?
by the way 1al02sk93dj8 is not my accounts password - so don't even think about trying it!
My Computer Music Tutorial Videos
This is a good opportunity to outline a few tips for strong passwords. For example, I use my username twice and the number of states as my password.
Yes, Swedish passwords are weak. We Danes have known this for many years; it is inevitable given that the average number of syllables per word in Swedish is 1.22 (scientific studies have shown it!).
"sigge", a duosyllabic password, is an indication that the user was a member of the upper strata of Swedish society, with Abba and Ace of Base.
(NB: I can handle pissed off Swedes, but not moderators lacking the humor gene)
Blearf. Blearf, I say.
From what I understand (having trouble understanding the laymensterms of daily tabloids) it was also a completely open wifi network.
- What's the opposite to firewall? - Watergate
From TFA: Själv tycker han inte att han handskats ovarsamt med sina inloggningsuppgifter. Translation: My hovercraft is full of eels!
Anyone else use the post-it-on-the-monitor as a booby trap? If anyone uses the post-it password on my monitor it sets off a series of security cascades that culminates with me getting a picture of them on my phone.
One day I hope to catch someone other than a janitor trying to surf porn. =P
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
mine is 12345. Nobody would ever guess that one. It's a password only an idiot would put on his luggage.
Captain: You know what you doing.
Captain: Move 'sigge'.
Captain: For great justice.
Seasoned Slashdot readers probably use zig:zig on BugMeNot and other "social" logins. I guess it just translates different in Sweden, kinda cute even... mental images of the Swedish Chef singing AYB.
I8-D
Many of us swedes thinks this was a planned event where the login was "leaked" to the opposition by purpouse. The swedish social democrats would probably stop at nothing to keep in power. The person who did the breakin (Per Jodenius) was a former Social Democrat. This person is from the same town (Växjö) and local Social Democrat Youth member in the same circuit as the journalist ( Fredrik Sjöshult )who blowed the whistle. The fact that this happened just hours after the leading party (from the polls) had his turn in the national TV is to much for it to be a coincidense.
Ugly indee and not very democratic.
Its like, if you hassled a country for not being democratic and then imposed sanctions on them for choosing the wrong people in the votings....oh, wait..
HTTP/1.1 400
My suitcase goes to 11.
True confidence comes not from realising you are as good as your peers, but that your peers are as bad as you are.
but I'm first!!!!