San Francisco DA Discloses City's Passwords 333
snydeq writes "The office of San Francisco District Attorney Kamala Harris has made public close to 150 usernames and passwords used by various departments to connect to the city's VPN. The passwords were filed this week as Exhibit A in a court document arguing against a reduction in $5 million bail in the case against Terry Childs. Though they placed the passwords in the public record, city prosecutors do seem to think that they are sensitive. InfoWorld's Paul Venezia, who has been following the case closely, provides further analysis of the technical details in the city's case. 'By themselves, [the passwords] would not be enough to allow anyone to access the network via VPN,' Venezia writes, 'but the fact that the city entered them into evidence is quite shocking. At the very least, they'll have to shut down their VPN access for awhile until they've changed them all and modified the configurations of some large number of VPN clients.'"
Suddenly Childs seems quite normal (Score:5, Funny)
The real question is... (Score:4, Funny)
top 5 list (Score:3, Funny)
The top 5:
password
admin
root
guest
t3rrych1lds1337haxx0r
There is bright future... (Score:3, Funny)
I can see that there is a bright future in the cluestick market...
Makes me glad I live in the one place ... (Score:3, Funny)
that has more sense than San Francisco: Louisiana!
Re:Then the users will change them right back (Score:5, Funny)
Re:Makes me glad I live in the one place ... (Score:3, Funny)
Ouch! That was a cruel comparison.
I'm not saying you are incorrect.
I live about 30 minutes outside of San Francisco. What's frightening about The City is the people who live there assume everyone who criticizes them are ignorant hillbillies.
Re:Passwords can be TOO strong. (Score:3, Funny)
I attended a lecture some years ago by a Microsoft employee who was high up in their security structure.
[...]
"Wrong! It is possible for a password policy to be TOO secure. Let me give you an example. It is possible to set up a security policy in NT that requires a password of at least 8 characters, which must also be mixed case, have at least one numerical digit, and at least one non-alphanumeric character, and which will require a change of password every week."
"As soon as you implement that policy, users will write their password on a post-it note, stick it to their monitor, and replace it with a new one every week. So you see, a password policy CAN be too secure for your own good."
This, by the way, *IS* the policy used internally at Microsoft.
Re:Then the users will change them right back (Score:5, Funny)
It was perhaps the only time in my life I actually knew what it meant to "be at a loss for words"
I can believe it. I imagine I would have stared at him blankly for just long enough to realize he wasn't kidding before I had an aneurysm.
Re:This is the tip of the iceberg (Score:2, Funny)
Clearly this was a plot by Childs... (Score:3, Funny)
to help the City of San Francisco look stupid.
Re:This is the tip of the iceberg (Score:2, Funny)
A father and his two kids were killed by illegal aliens?
Sounds like a case for Mulder and Scully!
Re:"Free Terry Childs" T-Shirts (Score:2, Funny)
I'll just write over my "Reiser is Innocent!" T-shirt.
Which is a cross-out over "Free Kevin!"
Re:The reason for password disclosure (Score:1, Funny)
Actually, "GOD" is no longer regarded as highest level of access. The new highest level of access is "Paris", as in Paris Hilton. Why? Well who else in the universe thinks more highly of themselves than Paris?
Re:Password policies (Score:3, Funny)
what morons, everybody know the only secure place for your password sticky note is the underside of your keyboard