Tuesday December 2, 2008 4:43 AM AEST
Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
Latest Comments
"Concerned man's comments seem to intimate that if I'm using agents all will be well but the ..."
on Shavlik Technologies to broaden its patch management offerings
by Werner K | Nov 26, 2008 8:36 PM
 
"That will enhance Microsoft Office system, including SharePoint - good platform for enterprise ..."
on Companies have security to consider with in-the-cloud Office
by SGE | Nov 25, 2008 3:29 PM
 
"how many users allow per session? because the digital persona password manager allows only 10 ..."
on DigitalPersona Pro Workstation/Pro Server
by Daniel | Nov 25, 2008 12:14 AM
 
"security through obscurity...shows how detached HIPAA is from reality."
on Privacy breaches causing business instability
by priceOfFishInChina | Nov 20, 2008 1:19 PM
 
"I have been the recipient of Agent.JEN.Trojan through an email suggesting a UPS parcel (including..."
on Trojan disguised as UPS delivery note
by Vincent Laing | Nov 13, 2008 4:01 PM
IM Security

Embassy email details posted online

  • Email a Friend
  • Print Page
Related Articles
By Matt Chapman
Sep 4, 2007 3:03 PM
Tags: Embassy | email | details | posted | online |
The data, which has been posted online by freelance security consultant Dan Egerstad, reveals usernames, passwords and server addresses.

Those affected include Kazakhstan's embassies in the US and Russia, India's embassy in the US and Russia's embassy in Sweden.

The information also includes Indian and Russian log-in details for email accounts at the UK visa office in Nepal, the foreign ministry of Iran and 40 Uzbeki embassies around the world.

"I did an experiment and came across the information by accident," Egerstad told Computer Sweden.

The security consultant claimed that he had not accessed any of the compromised accounts because he did not want to break the law.

However, he defended his decision to post the information online rather than warning the affected parties.

"When something like this happens you usually contact people and ask them to fix it, but in this case it felt too big for that, calling to other countries," Egerstad said.

"I hope this makes them take action. Hopefully faster than ever before, and I hope they become a bit more aware of security issues."

Graham Cluley, senior technology consultant at Sophos, said that it was highly embarrassing for the governments and embassies concerned that details of how to log-in to their email accounts had been uncovered.

"It is unclear at the moment as to how this information leaked out, but it is quite possible that human error is to blame," Cluley told vnunet.com.

"An organisation's security is only as strong as its weakest link, and people make mistakes."

Cluley added that common mistakes include choosing easily guessable passwords, using the same password for every website, or not changing a password on a regular basis.

Copyright © 2008 vnunet.com

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
Tripwire - Click here to win an iTouch
 
 
Messaging Whitepapers
 
Popular Tags
accused backdoor bank botnets drop email exploit hack job microsoft online palin pdf researchers reserve spam spring srizbi symantec virus