Prince William photos accidentally reveal RAF password (sophos.com)
63 points by Garbage on Nov 21, 2012 | hide | past | favorite | 46 comments



".. if you are being photographed or filmed at your place of work, it may be sensible to remove any passwords which could appear in the background.. "

I've got some better advice. Don't stick passwords to the wall (or monitor) in the first place!


I see no problem with it. Securing a room is a known problem, and relatively easy to do, particularly in a military base. You have physical locks and guards. If you know that the people who have access to the room should also be able to access that part of the network, the physical security secures the network.

The username and password, then, keep out people who don't have access to that room.


Well yes, securing the world is a known problem. Look at the other wall.


Even with the actual document photochopped out, the credentials could still show in a mirror or monitor. Or maybe soon we'll be able to recreate missing parts of images by analyzing the ambient light distributions in the rest of the photo...


The second option is rather unlikely, given how many unknowns you would be solving against (geometry of the scene, geometry of the not seen, incident light sources, camera response curve, etc.) from comparatively very little data (a continuous signal that is sampled and heavily quantized to just 8 bits per channel).


Good point. We could reduce some of those unknowns by getting the original photograph (would have camera data in its metadata), and we could assume at least some of the light sources in the ceiling and through windows.


Yes, you can limit the problem until we can get something useful out of the other end, but it is very, very hard. Here is one of the latest works on the topic: "Accidental pinhole and pinspeck cameras: revealing the scene outside the picture" (Torralba & Freeman).

http://people.csail.mit.edu/torralba/publications/shadows.pd...


It's actually a very clever way to seed access to their honeypot.


Whoever put that up will be breached, which is not a pleasant experience. The level of dressing down will be aligned with the sensitivity of the environment the account is used for. In the case of MilFLIP, it's an Internet-facing resource, so there's nothing too serious.

Milflip's an Internet-based web site for military flight information, primarily approach processes for different places. If it's the same milflip it won't be too serious. The user guide is publicly available online[1], as is the site.

[1] - https://www.aidu.mod.uk/Milflip/help.pdf


Is "breached" a British word for "fired?"


It is (AFAIK) more of a military-specific term, and means being disciplined rather than fired. I believe it stems from a "breach of discipline".


Is it a synonym for, or just a milder version of, what Americans refer to as "court-martial"?


I would imagine that it covers the sort of disciplinary offences where one's commanding officer can impose some form of punishment or official reprimand without there needing to be a court martial. The US equivalent would be, I think, a Nonjudicial Punishment or Article 15.

Purely as an FYI, what Americans would refer to as a court-martial would also be a court-martial in the UK.


I would think it'd be closer to a mast/NJP (non-judicial punishment) where you basically get yelled at, get some sort of grunt duty (cleaning the latrine for a month?), maybe have a note in your file if the CO deems it severe enough.


No, it's basically a dressing down and formal disciplinary process.


As an aviator in the US military, I'm not surprised. This is common practice. The system in question is for public domain UK aviation charts and pubs. Many of the unclassified systems I use have the user and password taped to the monitor.


Why don't they either use a password manager, of which there are hundreds, or simply bolt on a "LOGIN" button on the keyboard?

You'd think, at least, that it could be in a binder hanging on the wall.


US military unclassified systems are a mess... a spaghetti bowl of disjoint networks, operating systems, hardware, desktop and Internet applications designed by a multitude of lowest bid government contractors with little sense for usability and often very poor technical skills.


There is a certain chance that this is not, in fact, an example of bad password management. This service ("MilFlip") could be an internal service on an internal, secure network (the kind of networks that, if someone was to penetrate it, you have bigger fish to fry than keeping them out of "MilFlip") that just doesn't have a good way of turning passwords off - and, to be "secure", requires a non-simple password.


The manual for the service in question is here - http://www.google.cl/url?sa=t&rct=j&q=milflip&so... (from a Google search of "milflip"). It seems to be a web site of charts (not terribly secret).


Probably another victim of ill-thought-out complex password requirements. If it's too complex to remember, it will probably end up on a post-it note.


Having worked for the MoD in the past, shit like this gets punished big time. They have quite stringent rules for managing credentials.

Whoever printed that out will probably be fired pretty much straight away.


Unless it was Prince William of course...


This is unfortunately true. He could shoot a child in the face and get a pardon...


Reminds me of http://xkcd.com/936/


It says in the article that the password was obvious and easy to guess so I doubt this is the reason.


What if your netadmin makes you change it every three weeks?

Edit: Whoever downvoted me obviously undermines how quickly 'password lag' builds up if you're made to change your passwords often and forced to not use the last 3 or 5 passwords again.


Particularly for sites you only log into every few months. One-time passwords, with a 6-week lag between uses, require a password manager. Memory will not cut it.

And if you are nontechnical that means paper. I consulted a decade ago with a team that had ~5 systems like this. The office was awash in sticky notes. Sometimes security policies are a menace to actual security.


Why don't they provide two-factor auth fobs in the military? It seems like the easiest solution to me. It's not like the technology is new.


They do, for systems which require greater security.



I've made mistakes like this before so I tend to go over office pictures with a photo editor before I post them.


Fantastic OpSec, there.


Why is no one else commenting that it's 2012 and we still rely on passwords?


We have used passwords for thousands of years, so what are you getting at?


What else would you use? Biometrics are expensive, and far less secure than passwords in most instances. Besides, once you have that information, it will get converted to a hash (same as a password) so you're really stuck with the same problem from a hacking point of view. And once somebody figures out the rainbow table for your retina, what are you supposed to do, change your retina?

Two factor auth is really the best way, and although it's kludgy, it provides the best protection. And it includes a password.


> although it's kludgy

Some implementations are, but the concept is sound and can work smoothly. Your second factor could be a smart card or a USB dongle that's simply plugged in. Like an ATM, especially European ones.


Wouldn't it be cool if the second factor was something that was passive on your part? Something like NFC on your phone, where the NFC "bubble" is boosted just enough that you don't need to pull it out of your pocket but isn't too large.


No, that's a bad idea. Requiring a positive action is better than passively scanning.

One of the big problems with automated online systems is that the user often has no chance to notice that something is going wrong. Giving them a chance to notice anomalies improves security.

E.g. I'll know if my house is broken into, unless it's done by the very best (funded). OTOH someone could be copying my hard drive as we speak, and in many cases I'd have no idea.


No fucking way you're forcing biometrics on me. I'll give them a password. I'm not giving someone who wants access my thumb.


You do realize this is the Ministry of Defence, right? They have budget and need. A clear-cut case for better security needs than almost anyone. And they also have a history of saying "damn the usability" in the pursuit of their security goals.

Some open source projects have better security, it seems, than the MOD. WTF? Talk about an asymmetric world.


I realize that, but you didn't answer my question. What do you propose they do instead?


Hardware tokens and/or biometrics (depending on the system they need access to). Soft tokens (e.g. mobile devices) for low-sensitivity systems. Widely available COTS laptops have fingerprint scanners, ffs.

Given the nature of the work, the system shouldn't be compromisable if a picture of a password gets out, which is suggested in this case. (The fact that it was written down suggests other failings, yes, in all sorts of areas.) Your objections (cost, usability, etc.), in this case, are pretty weak when you consider the sensitivity of the assets being protected.

Soft-token-based two-factor auth is a growing commodity. Key-based auth is commonplace now, and is recognized as strong. Finally, USB tokens are also COTS at this point. Given that a major government agency which supposedly knows a lot about security got hosed by this, I would expect the market to lag, not lead, security practices.


Laptop fingerprint scanners usually work by just storing the Windows password in the registry (under reversible encryption). I'm not sure that's really a security enhancement.

Example: http://arstechnica.com/security/2012/09/windows-passwords-ex...


And every one of your examples uses passwords in conjunction with a second factor, or uses biometrics, which is a heavily flawed idea as I previously pointed out. Your answer does not support the comment you originally made. You're fighting windmills, brother.


See, I don't think I am "fighting windmills", as you can guess, and here's why. The implication of having to change passwords due to this photo is that the only thing between an outsider and the inside was a password. My original comment was that no one had yet questioned the viability of passwords. Not a one! So far it has just been "oh, I would have gotten shitcanned for that, lucky him he's a royal" and "oops!" No one on the esteemed HN had spoken up that holy crap, passwords.

While my job in infosec isn't related to AAA, I know that better stuff exists and that it's in budget and applicable here. I offered some ideas, you offer up criticisms, but I'm still wondering how no one had spoken up about the crappiness of it being 2012 and we still rely on passwords.

Just a few days ago this link was posted here:

http://kod.ozgurcakmak.com.tr/passwords-do-we-really-need-to...

And also this one from Wired:

http://www.wired.com/gadgetlab/2012/11/ff-mat-honan-password...

Given all the breaches in the past 2 years by LulzSec and relatives, you'd expect a bigger outcry here. Nope, not yet.

You honestly think this is the best we have? I sure don't.

Here's some (I imagine) better COTS stuff out there: http://www.yubico.com/products/yubikey-hardware/yubikey/



