Feeds

Oops - SF prosecutors put city passwords on public record

Cunning plan

The Power of One eBook: Top reasons to choose HP BladeSystem

San Francisco prosecutors have put the city's network at further risk by placing access passwords and usernames on the public record as part of their case against Terry Childs, the sysadmin alleged to have hijacked the city's wide area network.

A list of 150 usernames and passwords of city officials was submitted to court as an exhibit last week. Childs, 43, was arrested on 12 July on charges of tampering with the city's FiberWAN network. He allegedly changed passwords and refused to hand them over to administrators, leaving city bosses locked out.

The impasse was broken when Childs agree to hand over the login credentials to city Mayor Gavin Newsom, during a meeting between the two last week. Despite this, he remains in jail, with bail set at $5 million.

The list of passwords and usernames for access to the city's VPN networks was reportedly recovered from Child's machine and submitted in court documents in a bid to bolster the argument against a reduction of Childs' bail. The office of San Francisco District Attorney Kamala Harris claims Childs' possession of these passwords demonstrated the continuing threat he poses to its networks. Prosecutors argue that Childs could use the passwords to impersonate legitimate users.

Infoworld quotes unnamed sources suggesting that a second password in needed to obtain access to the city's network. Even so, disclosing first stage passwords is still bad security practice. Infoworld adds that many of the passwords are the same as VPN log-in identities or "extremely easy to guess".

After initially declining to comment, a spokeswoman for the DA's office said that "the court files have been amended". ®

Designing a Defense for Mobile Applications

More from The Register

next story
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.