Data Loss mailing list archives

UK intelligence agency stores passwords in plain text
From: Erica Absetz <erica () riskbasedsecurity com>
Date: Tue, 26 Mar 2013 13:08:56 -0400


There are some government agencies that most would expect to have a
fair grasp of security, even for those systems that are not core to
their operations. That's what we thought with the Australian Tax
Office's Publication Ordering System, but sadly, we were proven wrong.

University student Dan Farrall discovered that his UK government's
communication headquarters (GCHQ) careers site has been sending back
passwords in complete plain text. For those of us outside of the UK,
GCHQ is one of Britain's intelligence agencies, dealing primarily with
signals intelligence and charged with "safeguarding Britain's
electronic communications and digital space".

It works with the nation's security services and secret intelligence
services MI5 and MI6, and is thought of as the counterpart to the US
National Security Agency or Australia's Defence Signals Directorate.

As Farrall pointed out on his blog, apart from the harm to its
reputation, the sort of information that would be held within these
systems would be significant.

We double-checked Farrall's claim and confirmed that the passwords
were in fact being sent in plain text, and while we were at it, we
started an application for a malware reverse engineer.

Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list


Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 