So much win and so much fail at the same time:
Israeli newspaper Haaretz on Tuesday reported that Anonymous hacked the office of Syrian President Bashar al-Assad and dumped hundreds of emails online, including damning prep notes for Assad’s December 2011 ABC News interview with Barbara Walters, in which a press officer encouraged bringing up America’s police response to the “Occupy Wall Street” protests as well as America’s “policy to torture people,” as counter-examples against allegations of Syrian regime-ordered killings.
Seventy eight inboxes of Assad staffers were compromised, according to the newspaper, including several that used the password “12345,” one of the most-common but obviously least secure passwords possible.
4tehlulz.
me
“That’s the stupidest combination I’ve ever heard in my life! The kind of thing an idiot would have on his luggage!”
–Dark Helmet
cathyx
I better change all my passwords. It might be embarrassing if all my emails were exposed. Everyone would see what a totally boring life I have.
Villago Delenda Est
Pardon me, I was going to comment, but I was busy banging my head on the desk over “12345” as a password…
burnspbesq
I don’t see how this supports the theory that the world is biscuit-shaped.
dmsilev
@me: Beat me to it. Apparently Mel Brooks is a modern Nostradamus.
scav
biscuit-shaped? pear-shaped? What happened to the traditional irregular oblate spheroid we all knew and loved? Anyway, more fun with e-mail, along with blogger payrolls, this time from Russia.
burnspbesq
They’re going to get well and truly fucked up by the FBI, and probably sooner than later, but it’s hard not to admire these guys’ chutzpah.
Warren Terra
I’m with comments #1 and #5; how could you have failed to include the obvious clip?
ETA changed to better version of the Spaceballs clip.
BGinCHI
How many computers have been riddled by gunfire I can only guess.
Better minions, plz.
Brachiator
This could almost be an out take from that new Sacha Baron Cohen movie, The Dictator.
Bago
We once black hatted a hacker network for exploring the gnida flash exploit, and they left the default password as test test. The hilarious part? They left all of their login and contact data in clear text on their server.
We wound up finding pictures of the guy and his cat on his web page, and submitted it to the FBI. Good times.
Lesson to be learned? At the very least make people work for it. Admin admin, test test, user 12345. Please. That will be found by a bored fifth grader. Are you smarter than a fifth grader?
ringading
Sublime post title. separates the men from the old men. JC+1
Anoniminous
This is why computer security people get ulcers.
Villago Delenda Est
@Bago:
Oh, my mind reels with sarcastic replies to this one…
scav
Now I’m just seeing a seething mass of geeks and masked-vigilantes pouting because this one was so damn dull.
tofubo
is this win or fail ??
http://armedforcesjournal.com/2012/02/8904030
S. cerevisiae
@dmsilev: Mel has turned out to be remarkably prescient, first his brilliant prediction of the 2008 campaign Blazing Saddles now we have actual Spaceballs. Too bad these ones aren’t funny.
Mark S.
Who is H.E.? His Excellency?
Herm Edwards?
I can’t remember a time that Bashar was ever considered a “hero” in this country.
Schlemizel
I work as an IT security consultant and am constantly surprised how often I can find stupid crap like 12345678 as a password, or Password1 when they require a cap & number. The next easiest step when you crack a password is to try that account info on every other system you can reach. Do you use the same ID/password on Facebook/gmail/work account? Many people do & that makes life so easy for the crooks.
Also, your intrusion prevention system means very little to me and your firewall means nothing at all. Just because the machine you use is behind that stuff does not mean you are safe. I’m coming in whatever port your firewall already allows on whatever application you let through. If I find one of a thousand little things that will let me get ANY system inside I can use a freely available tool called Metasploit that can automatically find other systems, test them & break them if possible, load itself on the new machine & start all over again. It will draw nice little maps for me and let me know how it’s doing. It might take weeks but it only takes one fault & you’re being lazy.
You are just a zebra in the herd, the trick is to not be the weak or sickly one.
As my master Yoda CISSP explained to me:
“Secure there is not, more secure there is”
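The point in the comment above about “Password1” satisfying a cap-and-number rule, as an added example that is not part of the thread: a composition rule next to a screening check that refuses sequences and padded common words. The denylist is a constructed sample, and the 12-character minimum and the function names are assumptions.

```python
import re

# Constructed sample denylist; a real deployment would load a large
# breached-password list instead of this handful of base words.
COMMON_BASES = {"password", "admin", "test", "user", "letmein", "qwerty"}

def composition_ok(pw: str) -> bool:
    """The 'cap & number' rule: length >= 8, one uppercase, one digit."""
    return (len(pw) >= 8
            and bool(re.search(r"[A-Z]", pw))
            and bool(re.search(r"\d", pw)))

def is_sequence(pw: str) -> bool:
    """True for runs such as 12345 or 54321 (every step is +1, or every step is -1)."""
    if len(pw) < 4:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})

def screen(pw: str, username: str = "") -> list:
    """Return the reasons to refuse a password; an empty list means accept."""
    reasons = []
    if len(pw) < 12:  # assumed minimum length for this example
        reasons.append("shorter than 12 characters")
    if is_sequence(pw):
        reasons.append("simple ascending/descending sequence")
    # Strip the trailing digits/symbols users add to satisfy composition rules.
    base = re.sub(r"[\d\W_]+$", "", pw.lower())
    if base in COMMON_BASES:
        reasons.append(f"common base word '{base}' plus padding")
    if username and pw.lower() == username.lower():
        reasons.append("same as username")
    return reasons

if __name__ == "__main__":
    for candidate in ("12345", "12345678", "Password1", "kT9#vLq2!xWz7$Bn"):
        print(candidate, composition_ok(candidate), screen(candidate))
```
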
Mark S.
How many comments can we get before Samara shows up and derails it with her stupidity?
harlana
do not f*ck with the hippies
4tehlulz
You called?
WereBear
We had the IT/Network guy in this week, and he is actually admiring of my successful efforts to get the office to have really secure passwords; he can NEVER remember any of them, which is a good sign.
I’m so good at it, in fact, that I use Password Wallet on my iPod touch because it has reached the point where I will never remember them, either; and I have more than ever before.
jl
@Bago:
” Are you smarter than a fifth grader? ”
Please don’t put the BJ commentariate (especially me) on the spot like that, OK?
I remember a long time ago changing a 12345 pw from some anonymous admin to 54321, but the trusted local IT person was looking over my shoulder. At least the laughter and mocking cusswords were hint enough for me to come up with something better.
Edit; problem is that with a growing number of officially deemed ‘secure’ pw that I cannot remember, I have to keep a list of them in a safe place. Which is why it is sometimes quicker to ask for an email.
And then different systems seem to like the same security questions. And I either put the truth on them, or make up stuff, and then I have to remember all the fake security question answers.
And is it my fault my first pet was a dog named Spot? No, IMHO, it is not my fault. She did have lots of spots.
Warren Terra
@WereBear:
I fear this. Not this, precisely, but the fact that anyone who steals my phone can ask for password reminders to be sent to my email, and then read my email on my phone.
harlana
after watching that, i googled “occupy oakland fox news” and there was nothing on occupy oakland. shouldn’t fox be all over this and calling the protesters (a complete gaggle of dfh’s) “terrorists” and such?
DougJarvus Green-Ellis
Been working on “It’s in the order of the hedgerows” but..looks like you beat me to the first XTC lyric reference in BJ history.
Martin
@Schlemizel: 1Password + 30 character randomly generated passwords, unique for each account. Me, wife, kids. We sleep well.
Southern Beale
Have we learned our lesson?
Well it’s a little too late to do the right thing now. Just don’t make that same mistake, Ohio.
JGabriel
@burnspbesq:
I doubt the hackers who did this are US based. It’s possible, of course, but if Haaretz is the first to report on it, then the hackers are probably Israeli. Anonymous is global, not just US.
.
Benjamin Franklin
Preps for a TeeVee interview with Wah-Wah?
Is that the best anonymous can do? But, how did Israeli news get it first.
I question teh timing
J.W. Hamner
Honestly I feel like everything important should just have an authenticator app like WoW and gmail. I presume that’s not entirely foolproof, but it’s a small annoyance to use and seems like it could save lots of headaches/diplomatic incidents.
Cacti
@burnspbesq:
At some point, getting caught by the Feds might be a relief.
When they started threatening the Los Zetas Cartel, they ended up backing off once it became clear the Zetas were hiring their own hackers to track Anonymous members.
Bago
In this cloud based world, encryption becomes mandatory, and key / password management becomes a royal pain. Remember to have separate passwords for each service, even if it means you might need a master key password to unlock your password store.
Honestly for me, it’s the grandfathered password rules that bother me the most. I have used complex passwords since I was a teenager, but then you get weird char restrictions at places like AT&T, and can never remember a non complex pass phrase. It’s some completely arbitrary reg ex that requires a number, a caps, but denies ‘&’. Annoying.
danimal
An XTC reference! Well played.
ShadeTail
@JGabriel:
Keep in mind that said hackers recently released a recorded conversation between the FBI and foreign law enforcement orgs. That’s good reason to figure FBI action could still lead to foreign hacker arrests.
Bago
Yeah, Anonymous is anyone with an agenda on the Internet. Period. Sure, you can try and goad 4channers into LOICing someone, make grandiose videos, but really, calling them a coherent group is improper.
Baud
@Southern Beale: That’s why I hate polls. The only poll that counts is the election…get it right then!
James Hare
I use two-factor authentication for anything truly important that I can secure myself. Google offers an authentication module for linux that leverages their two-factor authentication scheme. A single password is a single point of failure. With two-factor authentication the attacker must have my password AND a way to get ahold of the authentication token. That comes from my mobile phone, which I keep on me at all times for work.
There are some systems I can’t secure that way (Facebook and more worrisome, my bank systems) but I can’t force their security folks to offer a more secure option.
Ben Cisco (mobile)
As a sysadmin I just want to say Aaaaarrrrrrgggghhh.
bemused senior
Another security professional here. To come up with a secure password that you can remember, choose a line from a song lyric, poem, quotation or bible verse. For your password use the first letters of the words, substituting a few numeric symbols for letters, preserving case and punctuation. Easy to remember and hard to guess.
Please use different passwords for important accounts, such as your emails and financial accounts, in contrast to unimportant sites. The big web mail providers estimate that >50% of compromised accounts taken over for the various lost passport scams, etc. happen because the password is the same as one used on some other site with bad security whose user information file has been stolen. The thieves systematically look for password reuse at the given email address for the accounts in the stolen list. James Fallows wrote a series of posts describing what happened to his wife in this regard.
Mike S.
Did Anonymous itself claim to have hacked Assad’s office, or was that claim only made by an Israeli newspaper?
Smells like Mossad, no? There is no way to know.
Good lord John Cole is DENSE.
Fucen Pneumatic Fuck Wrench Tarmal
@DougJarvus Green-Ellis:
like a bug in brandy in this big bronze cup
Mr_Gravity
Looking beyond the obvious humor of the Syrian government’s lax network security, I couldn’t help but notice that the Syrians, – THE SYRIANS – for cryin’ out loud, are calling us out on torture.
Thanks W. And Dick.
Idiots.
polyorchnid octopunch
@bemused senior: For your edification: XKCD