A case study in why credentials are revoked before firings.

  • zeroConnection@programming.dev · ↑13 · 1 hour ago

    Muneeb Akhter asked Sohaib Akhter for the plaintext password

    The more scary part in this story is that the government stores your passwords in plain text!

    So basically ANYONE with access to the database can steal your credentials, including employees, the government and any authorities.

    Never re-use passwords.

    • buddascrayon@lemmy.world · ↑2 ↓1 · 1 hour ago

      Knowledgeable and smart are not the same thing. These two are very knowledgeable about the systems they worked on and database manipulation; believe it or not, these are not hard skills to learn. But they were incredibly dumb regardless, given every single action they took at every point in their lives.

        • dustyData@lemmy.world · ↑3 · 1 hour ago

        Fun fact. In psychology assessment these are being called hard skills: very technical abilities for doing specialized tasks; and soft skills: social and emotional abilities to navigate social contexts, manage conflict and self-regulate emotions.

        Hard skills are easier to teach, while soft skills are very hard.

          • MagicShel@lemmy.zip · ↑1 · 48 minutes ago

          There are certain positions I would probably be very good at from a technical perspective that I avoid because I know myself. I could never work for the CIA or FBI for example. I don’t want to know their secrets because they could have me weigh a duty to execute my job and protect my family against my duty to humanity. I don’t know which principle I would betray, if grappling with it didn’t kill me first. Some might think that’s an easy choice but the personal cost is extreme — look at Snowden.

          No, keep me far away from that shit. Let me grapple with intellectual problems all day long, but moral quandaries paralyze me.

  • rekabis@lemmy.ca · ↑56 ↓1 · 4 hours ago

    And why couldn’t they have done that to the student loans system?

    Like JFC, they could have instantly made themselves immune from trial-by-jury anywhere in America by doing that one tiny thing.

  • pelya@lemmy.world · ↑16 · 4 hours ago

    “Eh, they can recover from yesterday,” he said, referring to daily database backups.

    But did they recover from backups? Don’t leave the most juicy intrigue out of the story.

  • ByteJunk@lemmy.world · ↑68 ↓1 · 6 hours ago

    Back in 2015, the brothers pled guilty in Virginia to a scheme involving wire fraud and computers. Muneeb was sentenced to three years in prison, while Sohaib got two.

    I’m not gonna say there were signs that these two weren’t the most law-abiding of citizens to begin with, buuuuut…

    • Echo Dot@feddit.uk · ↑18 · 4 hours ago

      Because like all critical infrastructure it was set up by somebody’s kid on work experience

      • IWW4@lemmy.zip · ↑5 · 2 hours ago

        Or some poor guy who is setting it up, because it is a one-off, just-get-it-done project, that metastasizes into a fucking mess.

    • WereCat@lemmy.world · ↑28 · 6 hours ago

      Why not? National Safety Department of Slovak Republic (Narodny Bezpecnostny Urad) had password NBUSK123… just government things

    • betterdeadthanreddit@lemmy.world · ↑16 ↓1 · 7 hours ago

      It’s like leaving your car door unlocked in a bad neighborhood so your window doesn’t get smashed for the $.36 in the center console. Attacker might take the prize and go without showing that everything around it is just as poorly-built.

    • JeeBaiChow@lemmy.world · ↑6 ↓1 · 6 hours ago

      Well how else would they help the users if they ever forgot their passwords? Duh.

      /s

    • CosmoNova@lemmy.world · ↑6 ↓1 · 6 hours ago

      Probably for the same reasons web browsers store them in plain text: They don’t care.

      • OwOarchist@pawb.social · ↑11 ↓1 · 5 hours ago

        the same reasons web browsers store them in plain text

        Why one web browser stores them in plain text. Fucking Edge.

        Who knows about the others, but I can pretty much guarantee you that Librewolf, for example, isn’t doing that shit.

        • CosmoNova@lemmy.world · ↑2 · 1 hour ago

          Firefox and Chromium browsers also store them in plain text. I know because I literally copied them from a file when setting up my password manager.

        • VeganCheesecake@lemmy.blahaj.zone · ↑7 · 5 hours ago

          If you can autofill passwords without authenticating in some way, they are probably either stored in plaintext, or encrypted with a key that is stored in plaintext. Cause, like, how is it supposed to magically encrypt it.

        • Reuben@lemmy.nz · ↑3 · 5 hours ago

          I believe Firefox (and forks) only encrypt if you have set a master password.

  • SeeMarkFly@lemmy.ml · ↑37 ↓3 · 7 hours ago

    Only a living wage can prevent data dumps.

    Upper management can’t even see it…yet.

  • IWW4@lemmy.zip · ↑3 ↓5 · 2 hours ago

    Fucking assholes. All that does is fuck over everyone that works with them.