[funsec] Police secret password blunder
Kane.Lightowler at contentsecurity.com.au
Wed Apr 5 00:12:46 CDT 2006
Police secret password blunder
A NSW Police blunder has led to a database of email passwords -
including those of the anti-terrorism commander and hundreds of
journalists - published on the internet.
The names, email addresses and passwords of as many as 800 people who
signed up to receive NSW Police media releases are listed on the
Among the exposed passwords is that of Detective Chief Superintendent
Mark Jenkins, the man responsible for the state's Counter Terrorist
Co-ordination Command unit.
This morning, smh.com.au alerted Mr Jenkins to the fact that his
password had been compromised.
He said he had no idea it was available on the internet.
"I'd like to make some inquiries with our media unit before I make any
comment whatsoever," he said.
The database also includes passwords belonging to well-known journalists
at The Sydney Morning Herald, The Daily Telegraph, the ABC and the
commercial TV networks as well as regional newspapers and radio
The database appears to have been taken offline within the past month,
but it can still be accessed through Google.
NSW Police have not contacted its media release subscribers over the
apparent breach of privacy and security.
While some of the passwords would be used only for subscribing to the
NSW Police media releases, many appear to be the secret codes
journalists use to access their email accounts and other
The more sophisticated passwords are a combination of letters and
numerals, while others are people's names.
There are also bizarre passwords such as "smellyundies", "enforcer",
"chunder" and "crunchymaggots".
NSW Police could contact Google to ask for the cache of compromising
details to be taken off its site, as smh.com.au does when it has to
remove archived stories from its website for legal reasons.
The exposure of the email addresses also gives spammers access to
Comment is being awaited from NSW Police.
Network Security Consultant
Level 3, Suite 32
203 Castlereagh Street
phone +61 2 9267 9911
mobile +61 413 114 186
fax +61 2 9261 2378
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the funsec