Sony Kept Thousands of Passwords in a Folder Named "Password"
http://gizmodo.com/sony-kept-thousands-of-passwords-in-a-document-marked-1666772286

It's been a rough week for Sony execs (million-dollar salaries notwithstanding). And things are only going to get worse. Which would almost be enough to make you feel bad for the poor schmucks in IT - that is, until you realize that they hid their most sensitive password data under the label "Passwords." Go ahead and slam your head against something hard. We'll wait.
The second trove of data snuck out sometime yesterday, and it didn't take long for Buzzfeed to stumble upon the Facebook, MySpace (an ancient form of Facebook), YouTube, and Twitter "usernames and passwords for major motion picture social accounts." Likely due to the fact that they were saved in a huge file called "Password." Which contained even more passwords called things like "Facebook login password." So they would know that that was the password. Because who needs encryption or security or common sense or even the vaguest attempt at grade-school level online safety.
Yep, "Password" should do just fine. Maybe stick a "1" on the end. That'll throw 'em off.
IDemo
(16,926 posts)
And shouldn't it be "Passw0rd" with a zero?
bemildred
(90,061 posts)
MineralMan
(146,281 posts)
I mean, there's a firewall and stuff. People do stupid things, even corporate IT managers, it seems. Sony was dancing with the prettiest girls at the dance, and wasn't paying attention to the details, it seems.
steve2470
(37,457 posts)
Given time and adequate resources, ANYTHING can be hacked. AFAIK, the only 100% failsafe solution is to take a server offline. If I'm wrong, someone please correct me.
MineralMan
(146,281 posts)
that is connected to any network, and access to that computer should be extremely tightly controlled and limited only to those who have the need to know such information.
That someone could hack into a networked computer with a Password folder should be a terminal embarrassment for their CIO. A firing should be done immediately.
steve2470
(37,457 posts)
FLPanhandle
(7,107 posts)
LOL
Rex
(65,616 posts)
password. password. Why isn't it working!!!
stevenleser
(32,886 posts)
No backups, incredibly inadequate backups, zero security, minimal security, no firewalls, firewall device purchased but not configured in any meaningful way, and yes various kinds of inadequate password security.
And all of that is just the beginning.
ProdigalJunkMail
(12,017 posts)
Database Passwords.xls
Hell, probably some good customer info accessible now!
sP
Initech
(100,054 posts)
Dreamer Tatum
(10,926 posts)
Nye Bevan
(25,406 posts)
Oops, probably shouldn't have posted that publicly.....
steve2470
(37,457 posts)
original article, kinda must read if you are into this sort of thing.