According to Silicon Republic, the Irish government is to run some cyber war games to test their responses and resilience to digital attacks.
That’ll be interesting; a few years ago the Irish government decided to implement a very unpopular and ineffective DNS-based copyright (and potentially censoring) system that drew the attention of a certain Guy-Fawkes-mask wearing hacktivist group. In no time at all the hackers posted admin passwords from the Department of Foreign Affairs (DFA), a group you’d expect to have superior security. I saw the list, and it was not much better than “Monkey” or “Password1” … actually “Password1” might have been one of them!
Hopefully the results of the tests will result in real changes to practices and design. I’m sceptical; I reckon tests/results will be moulded to minimise “bad results” and a knock on image. Plus an admin who uses “Password1” in a so-called-secure environment is the sort who won’t want to change.
Folks from efficient countries will think I’m being a cynic – people who live in Ireland know exactly what I mean (e-voting machines where the admin password was in the publicly available help button, a 10 year SAP project that exceeds departmental budgets, digital ticketing for public transport that makes us want to use paper stripe cards like most Euro cities, and so on).
I use to work in IT Security for a Gov’t contractor in the states. Reading this post reminds me how we promote the older staff and the older staff what technology to be dummy down so it does not pain them, including what they use for passwords. We the IT Security staff wanted to see 16 charicter passwords for specific stuff on the network and even showed these elder men of wisdom that we could give them there passwords in seconds as we had used lophtcrack and built a rainbow table of all hashs for passwords 8 charicters or less, which was the default networks logon settings. They still did not let us enforce this change, because they did not want to have to type such a long password.
Funny stuff… enjoyed this post