Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bad Password Allowed Swedish Watergate

Posted by ryuzaki0 on from the thats-why-my-password-is-swordfish dept.

fredr1k writes "The Swedish Watergate reported earlier this week was possible because of the usage of terrible weak passwords (Swedish) and a not functional IT policy. The Swedish newspaper Göterborgs-Posten reports the source of the password was a partymember who's account was "sigge" with password "sigge" and was "stolen" in march this year. Seasoned Slashdot readers would call it "a-not-so-hard-to-crack-password". "

19 of 248 comments (clear)

  1. Incredible! by Guaranteed · · Score: 5, Funny

    I've got the same password on my briefcase!

  2. Effective PW by oahazmatt · · Score: 5, Funny

    Let's not forget the user who actually had a decent password.

    uid: schef
    pwd: mmborkburdyhurdymurdy

    --
    Those who believe the Internet is private,
    find their privates are on the Internet.
  3. Many theories about leaked passwords by pipatron · · Score: 5, Informative

    There are atleast three ways this password could have been found. a) My brother lives in the town where these passwords were leaked, and he said that their office use unencrypted WLAN. b) The guy who presumably leaked it is in the office right next to the guy called 'Sigge'. c) As the article thinks: The password was very easy to crack. The latest rumour is that the guy who leaked the password (the left party) had a homosexual affair with the guy who *used* the password (the right party).

    --
    c++; /* this makes c bigger but returns the old value */
  4. Re:Hmmm... by carpeweb · · Score: 5, Funny

    Seasoned Slashdot readers
    vs.
    snotty-nosed 11-year-old

    So, why was this not modded redundant??

    Aw, c'mon folks, let's laugh at ourselves once in a while ...

  5. Honestly unsurprising by mendaliv · · Score: 5, Insightful

    They're politicians, not security experts. I hear about this sort of problem all the time... in my own workplace, we talk about the people on the 3rd floor with their one-character passwords and machines that are hacked into on a daily basis.

    In the end of course, the system administrator is going to catch heat for not having a strong password policy. Even though he/she would've caught hell if there had been one implemented in the first place.

    1. Re:Honestly unsurprising by hazem · · Score: 5, Insightful

      In the end of course, the system administrator is going to catch heat for not having a strong password policy. Even though he/she would've caught hell if there had been one implemented in the first place.

      This is where the sysadmin has to figure out how to make a convincing argument that the suits will understand. If he thinks a strong password policy is important, that is.

      Suits aren't security experts, and they don't need to be. In fact, they're not necessarily experts in everything/anything. That's where the sysadmin needs to learn the same skills that everyone else uses to influence them. Make a case, with pros and cons, costs and benefits and make a proposal. It doesn't have to be extensive. I just has to have the information needed to make a decision.

      Then, let them make the decision. If they say "yes", then you have their backing when enforcing an unpopular policy - and they're already in the know when people complain. If they say "no"... well, you've covered your backside, or if you really believe it in, you need to make a more convincing case.

      It's not black magic... but so many IT folks are either unable or unwilling to talk to non-IT decision-makers in a way that gets them to make favorable decisions. It's an important skill.

  6. Other passwords of note. by Tackhead · · Score: 5, Funny
    President Scroob: 12345
    President Nixon: iam!acrook
    President Clinton I: hopemyhusbanddoesntfindoutaboutthepassword
    President Bush I: anybodybutmysons
    President Clinton II: wishmyhusbandtoldmemonicawasbi8yearsago
    President Bush II: 12345
    President Quayle I: potatoe

    Don't blame me for that last one. My password was "colbertstewart2012".

  7. Password? by madshot · · Score: 5, Interesting

    Here is the real question.. Is it a USER problem or an ADMINISTRATOR problem. Sounds like they need to hire a new IT director with a since of security. If that IT director allows passwords like that he probably also is running a firewall hosted in a Windows XP Pro machine and ICS and no service packs or hot fixes. All of the internal IP addresses are 192.168.x.x because of ICS so I'm sure the server is .1. Heck, the director might have even turned on Remote Desktop Administration on the box so he could manage it from home without a VPN and the administrator accounts password on that box is either blank, password, or god. Well, best of luck to their director or whomever is in charge of their computer network.

    --
    Obama = Socialism.
  8. Seriously by Psionicist · · Score: 5, Informative

    This is non-news. What happened was a member of the Social Democrats youth section _gave_ a username and password to a former member in the Liberal Party (which are not liberal at all BTW) youth section, around 2005! Of course, as the Social Democrats are about to lose the election (september 17th) they use this "news" to spread some primitive form of political FUD about the opposition.

  9. Re:Hmmm... by Rob+T+Firefly · · Score: 5, Funny

    That rattling sound you hear is everyone on Slashdot changing their passwords at once.

    --
    Slashdot Burying Stories About Slashdot Media Owned
  10. password tips by digitalderbs · · Score: 5, Funny

    This is a good opportunity to outline a few tips for strong passwords. For example, I use my username twice and the number of states as my password.

    1. Re:password tips by digitalderbs · · Score: 5, Funny

      I, digitalderbs, Is a COMPL3TE iDiOT AND MorON!1!!111 OMG.

      I also have small reproductive organs!11!

  11. Re:End user password selection by Zadaz · · Score: 5, Insightful

    And I'm sure a vast increase on post-it notes with cryptic characters stuck on monitors and backs of keyboards.

  12. Re:Password by grazzy · · Score: 5, Funny

    Since they spelled Göteborg wrong, yeah, it'll be a damn good password.

  13. Swedish passwords by MadFarmAnimalz · · Score: 5, Funny

    Yes, Swedish passwords are weak. We Danes have known this for many years; it is inevitable given that the average number of syllables per word in Swedish is 1.22 (scientific studies have shown it!).

    "sigge", a duosyllabic password, is an indication that the user was a member of the upper strata of Swedish society, with Abba and Ace of Base.

    (NB: I can handle pissed off Swedes, but not moderators lacking the humor gene)

    --
    Blearf. Blearf, I say.
  14. A little joke by SlashGet · · Score: 5, Funny

    - What's the opposite to firewall? - Watergate

  15. Re:End user password selection by tygerstripes · · Score: 5, Interesting
    Can't remember where I read it (prolly /.), but there was an article that gave a very convincing argument to the effect that changing your password every month is totally without benefit. It's a common-rule-of-thumb kind of practice that has been handed down from admin to admin for years, probaby from early Unix days, and doesn't have any useful purpose anymore.

    Incremental-number passwords are an inevitable side-effect of this sort of policy and, even where password policy is more carefully implemented, the fact that average-joe users have to change it monthly anyway is a chore that WILL lead to short-cuts and, ultimately, weak passwords (or rather, associative passwords that are easy to infer after a little observation).

    Try just having a very strict policy on passwords, and scrapping the regular-change part of it. People can be imaginative and obscure once, but ask them to do it regularly and they get sloppy.

    --
    Meta will eat itself
  16. Re:Hmmm... by beef3k · · Score: 5, Funny

    "kinda strong" eh? That should be easibly crackable with a simple dictionary attack.

  17. Re:Hmmm... by kalirion · · Score: 5, Funny

    Pffft, nobody can guess my password, 'hunter2'. I know you only see '*******' there, but I actually typed in my real password. This is one feature I'm really glad Slashdot stole from IRC.