April 10, 2015

If this report is true – and there is a good chance it is, this would be a prime example that no firewalls, IPS systems and any technical security protect against humans ignoring basic security.

In 7 out of 10 of our audits we find post-it notes or complete print outs of usernames and passwords at employees desks. The problem is that companies started enforcing password minimum complexity rules, regular changes etc. This all leads employees to write everything down on a lot larger scale than a few years ago when “timmiller1960” was permissible.¬†We all remember the case when a reporter during Hurricane Katrina showed a credit card on TV, which was then abused minutes after airing.

In the French TV channel attack it seems that usernames / passwords were posted against a wall in the background.