[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] UK intelligence agency stores passwords in plain text
By Michael Lee
March 26, 2013
There are some government agencies that most would expect to have a fair grasp
of security, even for those systems that are not core to their operations.
That's what we thought with the Australian Tax Office's Publication Ordering
System, but sadly, we were proven wrong.
University student Dan Farrall discovered that his UK government's
communication headquarters (GCHQ) careers site has been sending back passwords
in complete plain text. For those of us outside of the UK, GCHQ is one of
Britain's intelligence agencies, dealing primarily with signals intelligence
and charged with "safeguarding Britain's electronic communications and digital
It works with the nation's security services and secret intelligence services
MI5 and MI6, and is thought of as the counterpart to the US National Security
Agency or Australia's Defence Signals Directorate.
As Farrall pointed out on his blog, apart from the harm to its reputation, the
sort of information that would be held within these systems would be
Attend #HITB2013AMS April 8th - 11th in Amsterdam.
Featuring over 42 international speakers and keynotes
by Bob Lord and Edward Schwartz http://conference.hitb.org