Science & Technology
Anonymous Breaches Booz Allen Hamilton to Reveal 90,000 Military Passwords
2011-07-12
Posted by:tipper

#5  They had 90,000 passwords on their server IN THE CLEAR (rather than stored as SHA-256 hashes)? Idiots!
Posted by: CincinnatusChili   2011-07-12 20:58  

#4  Darth, IKO for retirees is not CAC. Guess I need to get the list to find out what my password for IKO is...
Posted by: 49 Pan   2011-07-12 13:13  

#3  Also the concept of a front end and back end server arrangement along with some crypto between the two. You can keep out 99.999999% of hackers with just that. With proper permissions for users, you can even keep the spear phishing to minimum damage.

Mostly it comes to money. The upper management sees it as an acceptable risk. Do you spend 1 million on a lock tight solution against something that has a 2% chance of happening each year, or do you use that money for upgrades and R&D?

The other question I have is why the fuck are 90,000 military passwords kept in an area that has connectivity to the internet? Everything that is used for authentication is CAC card related for day to day use for non-secured stuff.
Posted by: DarthVader   2011-07-12 12:32  

#2  Because the decision makers at the top are old creatures who have no real grasp of tech. They're not the ones with i'whatevers but have had secretaries and assistants doing the interface with modern technologies enough to understand their implied requirements for privacy and anonymity.
Posted by: Procopius2k   2011-07-12 10:47  

#1  Banks and big companies ... why don't they firewall properly?
Posted by: Water Modem   2011-07-12 08:55  
