Those that have known me for some time know that wherever possible I like to get my catch phrase in “Bartlett Remains unimpressed”.
This is where it all began… Computing December 1999
Page 3 – Business Sites Open to Abuse
INTERNET service provider Global Internet has admitted that it left user names and passwords for 200 business web sites in an easily accessible ﬁle – but has no plans to warn its customers, writes Steve Ranger. The ﬁle could be downloaded by any of Global lnternet’s customers whose sites were hosted on the same machine. The file was protected by simple encryption, which could easily be broken by tools available on the Internet, said Matt Bartlett, who found the file. ‘Anyone who’s used Linux or Unix usually knows this sort of thing, especially those involved in administration tasks,’ said Bartlett, an IT technician at Global Internet customer Wilts Wholesale Electrical. ‘Now we know about it, we’ll change our passwords. But what about the other companies?’ Peter Venmore, a director at Global Internet, blamed human error and said: ‘We have a dozen of these servers and they are set up correctly.’ Warning customers to change their passwords is ‘not necessarily required’, he said, because ordinary users will be unable to decrypt the file. He admitted, however: If you want to throw a dictionary programme at it and the passwords are in plain text then you would be able to get access.’ Global Intemet is continuing its investigation, but Bartlett remains unimpressed. ‘All this is basic security, there is nothing clever involved,’ he said.
What clever devious way did I get hold of this password file?
ohh the days before shadow password files!