Publishing that government systems have been compromised on a Friday must be part of the Anonymous strategy.
The fact that these systems have been hacked is not the REAL story hear.
The maturity of all involved should be observed, evaluated and acted upon.
We may never know "how" the are going to address this, and how mature they are in their response. We do however get a glimpse of serious lack in competence when we watch the news and their PR response.... time will tell.
Here is what we do know about their maturity
Three main sites have been violated
- TRAVAIL, EMPLOI ET SOLIDARITÉ SOCIALE - QUÉBEC
- http://www.mess.gouv.qc.ca
- http://www.rqap.gouv.qc.ca
- COMMISSION NATIONALE D'EXAMEN SUR L'ASSURANCE-EMPLOI - QUÉBEC
- http://www.cneae.gouv.qc.ca/
The information collected is fascinating for one simple reason;
It seems the government systems still allow users to use their names as passwords.
I may be old school on some things, however password education is not one of them, and I strongly believe that modern and mature systems should not be built without basic security measures.
If the most basic of security features is not present on these systems, how many other security issues lie dormant, waiting to be exploited.
Wait.... I guess it isn't dormant after all.
Have fun my government friends working this weekend.
--------
NOTE: The breached information can be retrieved from within this article
http://branchez-vous.com/2015/07/03/le-gouvernement-du-quebec-victime-de-piratage/
NOTE2: Security researchers have confirmed that some of these accounts have valid passwords that are also used (same password) to log into mail accounts (gmail, hotmail, etc.)
If you or someone you know is in the list, change your passwords wherever you've used it.
No comments:
Post a Comment