Whoa. Here is an interesting read about a security consultant, Dan Egerstad, who managed to inadvertently expose 100+ email accounts for various embassies.
From The Register UK:
Underscoring a major susceptibility threatening thousands of high-profile computer users across the world, a Swedish security consultant has published login credentials belonging to some 100 embassies.
The list contains the login credentials for official email addresses belonging to some 100 foreign embassies from countries including Russia, India, Japan and Iran. They are used to conduct official, sometimes confidential business, from sending ambassadors’ schedules to transmitting information relating to lost passports.
The consultant, Dan Egerstad, says the list is only part of a much bigger problem that allowed him to gain credentials for more than 1,000 email accounts around the world, including at least one belonging to an employee of a company that generates more than $10bn in annual revenue. He declined to offer specific details for fear they would be misused by criminals.
“It will only take 10 minutes and every script kiddie is going to be using the exact same method,” he told The Reg. “I’m probably not the first one grabbing these passwords, but I’m absolutely the first one publishing them.”
Read on.
The consultant’s home site has the list. Here is a sampling:
Who | IP to pop3 | Login | Password
Indian Embassy in Sweden 81.228.xxx.xxx u81004859 Brdv8H5j
Russian Embassy in Sweden 81.228.xxx.xxx u86119749 y9z8ApZp
Kazakhstan Embassy in Russia 81.176.xxx.xxx akmaral@kazembassy.ru 86rb43
Kazakhstan Embassy in Russia 81.176.xxx.xxx alla@kazembassy.ru vhs35
Kazakhstan Embassy in Russia 81.176.xxx.xxx askarest@kazembassy.ru dol57
Kazakhstan Embassy in Russia 81.176.xxx.xxx b.kuatbekova@kazembassy.ru bk145
Kazakhstan Embassy in Russia 81.176.xxx.xxx baimenche@kazembassy.ru 1956
Deranged Security for the full list. Apparently, a reporter from India took it even further.
Tags: Foreign Embassy Logins, Password Strength, Email Security
