Idiots and their luggage.

Recently, the Syrian government’s webmail server was compromised by Anonymous.  They went on to dump the users and passwords on the system.

The most common password?  12345.

This story broke last week, but countless websites are not telling it correctly.  The error is that they claim the President’s account was hacked and his password was 12345.  I started off writing this post with that information, but I like to do a little something called “fact-checking” before I commit information to the Internet.  I linked two original sources above.  Haaretz, the Israeli publication that seems to be the original source, had their information correct.

The attack took place overnight Sunday and the target was the mail server of the Syrian Ministry of Presidential Affairs. Some 78 inboxes of Assad’s aides and advisers were hacked and the password that some used was “12345”.

It seems pretty straightforward, but apparently reading comprehension isn’t an important skill to be an Internet journalist.

The other problem is that most people assume the breach was due to the weak passwords.  That is not necessarily the case.  The passwords on display are the passwords used to get into an individual user’s email box.  To dump the users and passwords from the email system, they would need remote access to either the server or the MySQL instance*.  Hopefully that access was not guarded by such weak passwords.  I believe it is most likely that the server (or database) was accessed through an unpatched vulnerability.  Once access was obtained, they dumped out the passwords, and then went through the webmail interface to sift through all of the email boxes.

All that said, weak passwords are a major issue.  I intend to post a follow up soon with some steps to prevent bad passwords.



*Please don’t put your databases online unless absolutely necessary.


One response

  1. A lot more doubt, mumble; while in trouble, delegate; when in charge, ponder.
    We flourish in enterprises which demand the positive qualities we possess, but we succeed in those that may also utilize our defects.
