Sicherheit durch Transparenz: Usbekistan rulez!

Das funktioniert dann, wenn Passwörter offengelegt werden und man sofort sieht, das so ein Passwort unsicher, albern und, ähm, streng kontextbezogen ist. So sind die Sicherheitsworkshops auf Konferenzen, wo live der WLAN-Verkehr mitgeschnitten und öffentlich gebeamert wird, auch ignoranzbefreiend. Wollen wir hoffen dass es den betroffenen ~100 Botschaften in den genannten Staaten auch ein heilsamer Schock ist.

The list contains the login credentials for official email addresses belonging to some 100 foreign embassies from countries including Russia, India, Japan and Iran. They are used to conduct official, sometimes confidential business, from sending ambassadors‘ schedules to transmitting information relating to lost passports.
Click here to find out more!

The consultant, Dan Egerstad, says the list is only part of a much bigger problem that allowed him to gain credentials for more than 1,000 email accounts around the world, including at least one belonging to an employee of a company that generates more than $10bn in annual revenue. He declined to offer specific details for fear they would be misused by criminals.

„It will only take 10 minutes and every script kiddie is going to be using the exact same method,“ he told The Reg. „I’m probably not the first one grabbing these passwords, but I’m absolutely the first one publishing them.“ …

Egerstad’s list offers a rare glimpse into the password robustness, or lack thereof, of various countries. At the top of the list was Uzbekistan, where a typical password looks something like „s1e7u0l7c.“ Surprisingly, the ultra-secret Iran was near the bottom of the list; passwords for its various embassies tended to be the city or country in which the embassy resides. The Hong Kong Liberal Party used „12345678“ while one Indian embassy was simply „1234.“

Vom Register: Security SNAFU exposes email logins for 100 foreign embassies (and counting)