Recurring Decimals…..

Everything here is irrelevant

The case for tighter passwds

with one comment

I often get irritated when the IT people at work insist I need to change my e-mail/account login passwords every three months, or when they require them to have a combination of numbers, characters, etc. But it seems like a good idea now, considering this report in the Indian Express (via) about a hacker site that has revealed the passwords for 100 governmental organizations and embassies from around the world! Included among them are the embassies of India in Germany, China and the USA, as well as the DRDO and the Indian National Defense Academy!!

According to the Indian Express and an independent source, these passwords and accounts actually work – so this is not a hoax. What is troubling though is how absurdly simple some of these passwords are. Consider the password for Indian embassies in China and USA: ‘1234’ !!!!! Or the account for DRDO, ‘password+1’ !

What is worse though is that sources tell me at least one of these passwords is still active. No one has bothered to change it yet.

One can only hope that nothing much in the nature of sensitive or confidential information is being exchanged through these email accounts. For the Indian embassies, it looks like the generic e-mail address, possibly used mostly for people inquiring about consular processes etc (perhaps now, some of those e-mails will get answered 🙂 ).

———————————————————————–
PS – If you want to try accessing these accounts, you are at your own risk.
Even though it is the fault of the respective organizations for failing to secure their e-mail accounts, accessing them without permission is still illegal.

PS2: The Indian Express article seems to be quite hastily written, or possibly quite par for the course for factual inaccuracies and bad English. Consider:

The Indian Express sent a test mail to the Indian Ambassador in China on her official email ID and, using the password posted online, was able to access it.

You log in to e-mail accounts – you don't send ‘test mail’ to access them.

or,

Similarly, accounts of NDA and DRDO officials reveal phone numbers, commercial documents, official correspondence and personal mails. The account of the Indian embassy in Germany contains a query by two IIM (Calcutta) students about safety in the wake of recent racial abuse cases in West Germany.

Err….someone please let the writer know of the German reunification. The racial abuse case being spoken of, in any case, happened in the erstwhile East Germany.


Written by BongoP'o'ndit

August 30, 2007 at 7:11 pm

One Response


  1. […] It is imperative that the Indian government takes cyber security more seriously and trains its officials accordingly. After all, keeping a hard-to-guess password is not a task beyond even the laziest babu! […]

