Royal Navy Website Hacked, Passwords Revealed 114
An anonymous reader writes "The British Royal Navy's website has been suspended after a Romanian hacker exploited SQL injection vulnerabilities to gain access to the site.
The hacker, named 'TinKode,' accessed usernames and passwords used by the site's administrators and published them on the web. TinKode's attack is 'particularly embarrassing for the British Ministry of Defence, as just last month protecting against cyber attacks was declared in the National Security Strategy to be a "highest priority for UK national security."'"
Re:Oops (Score:3, Informative)
More like:
"Lieutenant and password = '*'; please report to the bridge."
Details (Score:5, Informative)
http://pastebin.com/raw.php?i=M2MUEdv4 [pastebin.com]
Fire up your rainbow tables :-)
Re:Details (Score:3, Informative)
Wow, I haven't seen that ASCII art chick since the early 90s when I would hang out on questionable BBSs :)
that's not technically embarrassing (Score:5, Informative)
it's an unimportant website
now THIS is technically embarrassing
http://www.bbc.co.uk/news/uk-scotland-highlands-islands-11605365 [bbc.co.uk]
this is a nuclear powered brand new stealth submarine, giving away its secret propulsion system as the tide lowers, because someone drove it into the beach. stealth beach? (slaps forehead)
Re:clear text passwords? (Score:2, Informative)
Re:Details (Score:4, Informative)
It was probably not ppp, but a rather unfortunate password whose md5 is the same as for "ppp". I can't believe they'd actually put in a password like that.
Since the former is statistically improbable to beyond-astronomical degrees, the latter is, unfortunately, more likely.
If they are anything like the US (Score:4, Informative)