A Photo Accidentally Revealed a Password For Hawaii's Emergency Agency (qz.com) 146
An anonymous reader quotes a report from Quartz: In the aftermath of an erroneous missile warning that terrified Hawaiians on Saturday (Jan. 13), the state's emergency management agency has come under increased scrutiny, from the poor design of the software that enables alerts to a particularly slapdash security measure by one of its employees. Old photos from the Associated Press inside the agency's office appear to show an unspecified password on a yellow Post-It note, stuck to a computer monitor. The image, which shows operations manger Jeffrey Wong standing in front of the computer, was taken in July and appeared in articles published at the time about the agency's preparedness in the face of a nuclear threat. The agency verified that the password is indeed real but wouldn't go into specifics on what program the password was supposed to be used for.
Really bad security (Score:5, Funny)
"yellow Post-It note, stuck to a computer monitor."
Everybody knows real security can only be had by posting it under the keyboard, where nobody can photograph it.
Duh!
Re: Really bad security (Score:3)
Re: (Score:1)
Not a good plan. You'll end up having to call the helpdesk to get your account unlocked because some idiot kept trying to login as you using the fake password.
Re: (Score:1)
Not if the login written on it is to a dummy account.
Re: (Score:2)
Re: (Score:2)
How do they flip it over without you noticing when it only has adhesive on one side?
Re: (Score:2)
Glue stick.
Re: (Score:3)
Time to move it to the fake rock outside your cube...
Re: (Score:1)
Yep, it's now warningpoint3
warningpoint2 also sounds like the system name (Score:3)
warningpoint2 also sounds like the system name as well.
Re: (Score:3)
Everything on display all connects back to a honeypot.
Re: (Score:2)
Re:Really bad security (Score:4, Insightful)
David Ige, the governor of Hawaii has said this has been a "learning experience" for everyone involved, that it will not turn into a witch hunt, and no one will lose their job. In other words, there will be no accountability or consequences, and the same serially incompetent bozos will remain in charge.
Re: (Score:3)
no one will lose their job. In other words, there will be no accountability or consequences, and the same serially incompetent bozos will remain in charge.
There can be accountability besides firings. Being excluded from promotion decisions could be one of them.
Re:Really bad security (Score:4, Insightful)
There can be accountability besides firings.
Perhaps. But is a ballistic missile attack response team really the right career for someone that requires a lot of on-the-job training?
Being excluded from promotion decisions could be one of them.
Well, if they screw up the response to a real ballistic missile attack, then sure, delaying their promotion would be warranted.
Perhaps it is time to question whether we should even have state-level bureaucrats assigned to ballistic missile response. Shouldn't that be something handled at the Federal level? The is especially true for Hawaii, which has near Louisiana levels of corruption and incompetence.
Re: (Score:3)
The real ballistic appropriate ballistic missiles response, bend over and kiss you arse goodbye, because fucker, you are going to kill you one way or another. No such things as one going off, one goes off, they all go off, no one can take any chance of being the one not to fire, so they all go, targeting everyone because even if you had none and fired none, those that fired and were fired upon, can not leave you to take over, that insanity goes with the territory of nuclear insanity. The insanity of believi
Re: (Score:2, Informative)
Dude, did you see the "GUI" they are using? You can tell what has happened just by looking at the result.
(Image of the GUI [medium.com] is a bit down in the article.)
The reason this bullshit happened is because the person leading the development didn't have the competence needed to judge the state of the system or he didn't get the funding needed to finish the project.
You can tell just by looking at it that someone programmed the backend and made it work, and to test the system he spent 5 minutes to make a web-page that
Re:Really bad security (Score:5, Insightful)
You're falling into the "we must fire someone for accountability" trap.
That leads to basically incompetents running your ship - if everyone is deathly afraid of losing their job for making a mistake, you end up with a corporate culture of timidity, cover your ass and hiding mistakes.
The modern method is not to fire the person who pushed the button, but to find out the true reason. This is often' called "The Five Whys" because it literally asks Why over and over again.
Like in this case, given what we know.
Why was a missile alert called? Because someone clicked the link to send it.
Why did they click that link? Because they clicked the wrong link - they meant to click the one that produced a test message instead.
Why did they click the wrong link? Because the links were presented as an unsorted list, with the test links appearing on some events ahead of the real link, and sometimes afterwards.
Why did they click the wrong link? Because when you're looking at a huge list of unsorted links, you tend to focus on the one that matches what you're wanting even though it may not be exactly what you're looking at.
Why didn't the software confirm? The software did confirm - it merely asked if they wanted to send the message out.
Why didn't he click no? Because the software didn't tell him what link he clicked, just if he was sure. (E.g., you close an app with a dozen documents open, and all you get is "Save file?" instead of it actually telling you what file to save).
Well, there's something you need to fix - the UI sucks and it's really only an accidental mis-click away from saying the president is dead to missiles have been launched.
So the UI has two problems with it - a huge nasty list of unsorted messages that really should be put in order somehow. And perhaps a big ass button that selects test messages from actual messages. And a confirmation dialog that actually confirms what you are going to send. Perhaps if it was a real message, it would ask first "The message you are sending is not a test message. Click OK to continue and have your supervisor access his console to do same" as well as "Send the non-test message 'Missiles are incoming'?"
Firing someone over mistakes doesn't ensure mistakes don't happen (because the person who learned from it will no longer be present). It instills a culture of fear - that if they click the wrong link, they can get fired. So what would take a few minutes now takes 10 people and an hour because the person who is to send the message has to check multiple times they're clicking the right thing. And the underlying cause won't get fixed, leading to more errors in the future
And imagine if (heaven forbid) a real event happens. You have 5 minutes before missiles hits. Do you want 4 of them to be wasted because the person at the desk responsible for sending it to triple check that yes, that's really the intent because if oh my god if there aren't any missiles I'm going to get fired?
It's why no one was fired for Amazon AWS going down last year, or when GitHub suffered a massive meltdown - errors were made, but the root cause turned out to be an opportunity for human error to do bad things accidentally.
https://en.wikipedia.org/wiki/... [wikipedia.org]
Far too often the question asked is "Who" as if firing that person to make a point will fix the problem. It is the dominant question if you want to assign blame and move on, and it is politically popular among the people who are looking for someone to hang. But it turns out doing so doesn't fix underlying structural issues, it just covers it up.
Re:Really bad security (Score:5, Insightful)
I second this. I work for a big company designing high-tech products. Never did I see anybody get fired because they made a fatal mistake which cost the company massive loss. I believe this is perfectly normal in this industry - we learn from the mistake, figure out how to prevent that in the future, and move on.
Actually, you might be grateful if you are fired. What usually happens after a royal screw-up is that the person usually will need to take some responsibility and will be the person who will do all the work to make it right. Not only to jump in and fix the problem, but also participate in all sorts of investigations, inquiries, report-writing, etc. I already feel pretty sorry about that operator since he will get interviews/meetings/questioning with all sorts of three-leter agency investigators who will be disappointed and would want to go through every single action that person took that day, having him/her go through all the horror that he experienced again and again.
That alone is already a deterrent painful enough to make people think twice before doing something risky.
Re: (Score:2)
There's also more to this. Humans are imperfect and make mistakes. Firing a human over a mistake doesn't mean you'll end up fixing the problem in a way that the mistake can't happen again. The replacement human is just as fallible.
To fix any mistake you need to first identify the systematic problems that allowed the mistake to escalate into an incident. Simply firing someone shows that you not only don't understand humans, but also that you refuse to improve your own systems.
Re: (Score:3)
OTOH, clearly this facility is also run like a newbie help desk, keeping critical passwords on post-its stuck to a monitor and then allowing a photograph to be taken and released to the public on top of that. Sure the alert interface sucked, but that's obviously not the only problem here. You'd really think people in those positions there would have better training in security and a less casual attitude.
Re:Full of shit (Score:5, Insightful)
Yeah the UI is garbage but that doesn't excuse operator error.
Welp, I don't think I will be able to change your mind, but there are at least two schools of thought here, yours:
1. If something bad happens, whip everyone involved until they cannot stand any longer, then fire them, ensuring this never happens again,
Or,
2. Ask why this happened, don't assign blame, then work through the problem to find the root cause, then fix that problem so that it never happens again.
NASA determined that humans fail at pretty much everything about 3% of the time on the ISS and have built in all sorts of checks and balances to account for this. If the ISS blows up, everyone shares the blame, and responsibility for keeping that from happen again. If you assume from the get-go that humans are capable of being 100% infallable 24/7/365, even when they're sleep deprived from a) having a baby b) insomnia from a divorce c) hung over from a bachelors party etc etc then yes your system sounds great as there's no chance anything can ever go wrong and it's just their fault for being a bad person and they should feel bad.
Option 1 is both overly optimistic going in, and highly negative on the resolution side - nobody worth anything will stick around for long; option 2 assumes the worst going in and looks for a positive solution coming out. People tend not to quit out of frustration quite so often in scenario 2.
Re: (Score:2)
You're the editor of that newsletter, "How To Be Perfect And Never Make Mistakes", aren't you? May I please subscribe to it?
Re: (Score:3)
I take it you've never pulled a 'push' door, have you?
Re: (Score:2)
Oh yeah that's totally the same as an emergency alert for an incoming missile attack.
The guy who did the error learned his lesson (Score:2)
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
Make them work for it- put it under the monitor!
False alarm!!! (Score:1)
There was no password!!!
The weakest security (Score:2, Interesting)
The weakest security is always the human involved.
IMHO people posting, sharing or otherwise exposing passwords, should be written up, and eventually fired.
What is the point of a password that is out in the open like this? Are passwords that hard to remember?
I wanna run away screaming!
Re:The weakest security (Score:5, Insightful)
What is the point of a password that is out in the open like this? Are passwords that hard to remember?
Actually, yes. When your password must contain upper and lower-case letters, at least one number, a special character, must be at least 12 characters long, must be changed every 3 months, and cannot be a variation of or contain any previous password. That's when you get yellow sticky notes on the monitor.
Re:The weakest security (Score:5, Insightful)
Particularly when you have 50 such passwords.
Re: (Score:1)
Or hundreds....This is why I had to resort to using a password manager (keepass and vault), it was becoming to hard to remember everything. I found myself reusing password, simply because I knew any more would be hard to remember.
Re: (Score:1)
That works great until a bug is discovered in CPU that allows any process to dump your password database.
Re: (Score:1)
Come on, what are the odds of that happening?
Re: (Score:2)
Approximately 1 to 0.9995743548.
Re: (Score:3)
Particularly when you have 50 such passwords.
And that's when people ask for bigger monitors, to hold all the stick-it notes.
Re: The weakest security (Score:2)
Please, this is /.
Half of those characters aren't supported as input in such a field.
Re:The weakest security (Score:5, Informative)
So much so that the latest NIST recommendations are that you Should NOT impose composition rules and you Should NOT require the password is changed frequently. It's better to train employees to come up with memorable secure passwords (which don't require hard to remember composition rules https://xkcd.com/936/) and use things like password managers and 2FA.
Re:The weakest security (Score:4, Insightful)
Re: (Score:2)
Re: (Score:2)
The reference is the lates NIST recommendation. https://pages.nist.gov/800-63-... [nist.gov]
5.1.1.1 Memorized Secret Authenticators
Memorized secrets SHALL be at least 8 characters in length if chosen by the subscriber. Memorized secrets chosen randomly by the CSP or verifier SHALL be at least 6 characters in length and MAY be entirely numeric. If the CSP or verifier disallows a chosen memorized secret based on its appearance on a blacklist of compromised values, the subscriber SHALL be required to choose a different memorized secret. No other complexity requirements for memorized secrets SHOULD be imposed. A rationale for this is presented in Appendix A Strength of Memorized Secrets.
Re: (Score:1)
At NIST, we still have to change our passwords every three months along with a bunch of other asinine rules. Dogfood not eaten here.
Re: (Score:2)
Re: (Score:2)
So much so that the latest NIST recommendations are that you Should NOT impose composition rules and you Should NOT require the password is changed frequently.
Key word in there is highlighted. Given those NIST recommendations are less than 6 months old, we've got another 4 and a half years at the very least before you start to see them adopted widely.
Re: (Score:2)
Squeal like a pig! [dilbert.com]
Re: (Score:2)
When your password must contain upper and lower-case letters, at least one number, a special character, must be at least 12 characters long, must be changed every 3 months
Making passwords hard to remember isn't security. It is building in faults because the experts are too lazy to figure out a better method.
Three significant length words should be sufficient. That way, you only have to remember 3 things, a couple symbols and one number. And is it sufficient for current password strengths
Gorilla!Bamboo(Mastodon)01
For the 01 means "January". "Change" your password every month on the first and you have 12 passwords without changing anything meaningful.
You can vary it up if you
one two three four five (Score:2)
Re: (Score:3)
And who is to say that a sticky note is that bad? How many passwords are just saved in some plain text file or email?
At least physical access is required to obtain the password, which is probably securely restricted to people you know and trust. Sticky notes are pretty much hacker-proof.
It's even better if you lock your sticky notes in a drawer, to avoid accidents like in TFA.
Re: (Score:1)
Re: (Score:2)
That's why you choose a handful of passwords, of differing difficulty, and importance.
For instance, the password to your GMail account should include some number, letters, symbols, whitespace characters, Chinese / Japanese / Thai characters, musical / mathematical notation, and a statement that if read aloud in court would get someone in a heap in trouble (FBI, CIA, NSA, or someone else in trouble).
Conversely, the password to your Amazon account doesn't need the last three types.
Re: (Score:3)
Re: (Score:2)
That's when you get yellow sticky notes on the monitor.
Certain people will probably always do that. But good password managers have been around for a while, and can easily accommodate such requirements. If anyone is unaware of those types of tools, that's probably a failing of their IT department for not having or properly communicating a standard for password management.
Re: (Score:3)
And if your system has any type of variation on "can not contain any previous password", it has to store your passwords in plaintext somewhere, which is another huge security issue.
No it doesn't... you can store previous password hashes and when the user attempts to change their password you compare the hash of the new password to the old hashes. No need to store plaintext at all.
Re: (Score:3)
Are something (fingerprint).
Have something (RFID badge).
Know something (unique-to-user pass phrase).
You would think that all three would be required to send out an emergency alert message.
Fast reaction (Score:3)
You would think that all three would be required to send out an emergency alert message.
Then in case of an actual emergency (say, when category 9 hurricane 'Zorro' hits Hawai in a couple of months), you'd be complaining that the alert wasn't sent because it relied on a complex validation procedure that required perfectly coordinated simultaneous action by 5 person, one of which was sick on that day, and the other lost his keyfob 12 months ago when his dog ate it.
That's the complex problem with emergency procedures, they need both at the same time be quick enough to execute in case of actual em
Re: (Score:2)
And yes, passwords are hard to remember when you have to remember a hundred of them. If they weren't, why do people use password managers?
Re: (Score:2)
So that anyone on call can take over the job of alert/test that shift?
Re: (Score:2)
So that anyone on call can take over the job of alert/test that shift?
Most likely.
Having a readily posted password isn't a problem - depending on how you balance your risk. For example, is it worse if people in the control room (or the world who doesn't have access to the control room) knows the password; or if WHILE RIDICULOUSLY STRESSED THAT AN ICBM IS HEADING FOR YOU (caps since it would be REALLY stressful) you can't remember the password to tell everyone about to seek shelter from a nuclear weapon t
Re: (Score:2)
Re:The weakest security (Score:5, Informative)
Once you start requiring them to be 12 characters long, and contain at least one uppercase character, one lowercase character, one numeral, and one Egyptian hieroglyph they are.
By the way, those complexity rules have been officially withdrawn by NIST [sophos.com]. In fact, TFA is an instance of the very problem that drove the rule change. Now all we have to do is spend 20 years undoing the damage of the old, stupid, complexity rules.
Re: The weakest security (Score:3)
The weakest security is always the human involved.
That's true. It's also the reason why password setups and protocols should be made as easy and enjoyable to use as humanly possible.
If you build a password system that's hard to use, hard to remember, and force the user top jump through hoops, you're putting a lot of strain over the weakest link in the system. I.e., you're making the system brittle and easy to hack.
It certainly is not the password to... (Score:1)
... the mainframe, all programs and all desktops.
Joshua gets into the system that can fire nuclear (Score:2)
Joshua gets into the system that can fire nuclear missiles
Re: (Score:2)
Re: (Score:2)
... the mainframe, all programs and all desktops.
Correct. That password is "guest"
That's bad, but (Score:5, Insightful)
Re: (Score:2)
publishing photographs of the insides emergency management and civil defense facilities isn't such a hot idea either
Why? This isn't some super secret military facility. What you find in this room will likely be no different to any other emergency response room anywhere in the world. If anything the firestation we have at work looks more complex than this.
What have we learned?
They have multiple clocks.
They have cameras.
They monitor the weather.
They have more than 2 telephones like any emergency room.
They have swipe card access.
There's a password for an unknown system on the monitor.
We could have guessed what this picture
Re: (Score:2)
publishing photographs of the insides emergency management and civil defense facilities isn't such a hot idea either. Information wants to be free.
No kidding. Reminds me of when the officially admitted submarine depth capability had to be doubled, due to something said on a #%&^% TV documentary!
"Oh, um ... I guess say "greater than 800 feet" now. Because we are idiots."
That leads us to a fundamental question (Score:5, Funny)
Where can I buy Post-It with pre-printed passwords? That would save me so much time.
I had one of these (Score:2)
Re: (Score:2)
Cute. Mine says:
User: Administrator
Password: NiceTryShoulderSurfer
So its a desktop? (Score:2)
Someone has to use the computer with a pw and select test or alert from a GUI?
A test is selected every shift? Is the alarm so easy to select in the GUI too? Any "Sure?" on the GUI to confirm alarm was selected and not the much used test?
Re: (Score:3)
Apparently real and test were two adjacent entries in a drop down list; and then there was a confirmation box "Are you sure?"
Seems like an easy issue to fat-finger, especially if you get the same confirmation box with either selection.
Yesterday I had to make a dash for the printer to cancel a job because "Print" and "Edit" are adjacent in the right click context menu for the windows desktop.
(Really... does anyone really need one-click print without opening the document first, that they even need a right cli
how about fixing the Poor UI when you change the (Score:2)
how about fixing the Poor UI when you change the password system as well.
https://www.theinquirer.net/in... [theinquirer.net]
Outrageous! (Score:1)
It's changed now, so don't bother trying it. (Score:4, Funny)
Re: (Score:2)
The password's been changed to "Warmingpoint3" now, so don't bother trying the old one, it won't work.
https://qzprod.files.wordpress... [wordpress.com]
You're trying to attach the "r" to an "n". I'm pretty sure the password is "warningpoint2". You know, because this is an emergency management facility.
Re: (Score:2)
The feature request to change the hard-coded password has been filed - it's making its way through triage and prioritization. A meeting to decide what the new password should be has been scheduled. New layer of security is being implemented - non-transparent extra-sticky notes to always cover for the ones with the password have been ordered.
Oh my god! (Score:2)
Oh my god Oh my god Oh my god!!! They managed to get a photo of the secret password that was written on the super-secret Post-It-Note that was secretly affixed on the front of the terminal of our hyper-ultra-secret nuclear-threat-preparedness system! We’re soooooo totally screwed now!
Could be they are super smart (Score:2)
That password is for the honeypot...
Brazzers account (Score:2)
It would be funny if not so possibly tragic. (Score:5, Interesting)
Re: (Score:1)
Maybe it is because average people, no matter where they live in the world, don't have enmity towards each other.
It is only the _leaders_ and the _militaries_ of the world that create threats, start wars and in general start the problems that lead to conflict.
Re: (Score:2)
Maybe it is because average people, no matter where they live in the world, don't have enmity towards each other.
It is only the _leaders_ and the _militaries_ of the world that create threats, start wars and in general start the problems that lead to conflict.
Yeah, normal humans don't have conflicts, just their (inherently evil) military leaders.
And yet for some unfathomable reason there are locks on almost all doors.
Often it's the companies fault (Score:2)
When companies force you to change your password every 60 or 90 days "just because" and require the new password to be substantially different than their previous password people start writing them down.
I never understood the thought behind forcing a password change because you've had your password for X days.
Re: (Score:1)
Then why did NIST come out in their 2017 recommendations to no longer force arbitrary password changes when there is no evidence of a password compromise? Because 1) users start to write passwords down, 2) users use a password that is very similar
Its gotten to the point that I have so many different passwords with so many different requirements with different expiration dates that I have no choice to write them down someplace, piece of paper, file, whatever
Fired (Score:2)
Re: (Score:2)
I only need one post-it, for my login password. Everything else is in a text file named "Top Secret Passwords". What could go wrong?
Re: (Score:1)
Misdirection (Score:2)
ob. 12345 (Score:2)
This is why I keep my passwords in my "password suitcase", where it is encrypted until unlocked for use. (This way I only have to remember a single master password. It's the same numeric 5-digit code as on my other luggage...)
Need MFA (Score:2)
Something you don't have anymore, something you forgot, and something you ate.
Or something like that.
Post-It notes... (Score:2)
I worked in a place with a security policy that included having somebody from IT walk through the offices looking for this kind of thing (e.g. Post-It notes under keyboards, on cube partitions, etc).
This, in a place that had been a division of another company until a week before my arrival there: so all the legacy systems of the previous corporation plus all the systems of the new corporation, many of them providing the same services.
And password policies like "you must change your password every six mo
Why not change the PW? (Score:2)
What a fucking stupid response. If somebody finds a key for something that I own, my first response would be to change the lock... I certainly hope they have changed the password.
Re: (Score:1)