[ISN] UK intelligence agency stores passwords in plain text

http://www.zdnet.com/uk-intelligence-agency-stores-passwords-in-plain-text-7000013113/ By Michael Lee Securify This! ZDNet.com March 26, 2013 There are some government agencies that most would expect to have a fair grasp of security, even for those systems that are not core to their operations. That’s what we thought with the Australian Tax Office’s Publication Ordering System, but sadly, we were proven wrong. University student Dan Farrall discovered that his UK government’s communication headquarters (GCHQ) careers site has been sending back passwords in complete plain text. For those of us outside of the UK, GCHQ is one of Britain’s intelligence agencies, dealing primarily with signals intelligence and charged with “safeguarding Britain’s electronic communications and digital space”. It works with the nation’s security services and secret intelligence services MI5 and MI6, and is thought of as the counterpart to the US National Security Agency or Australia’s Defence Signals Directorate. As Farrall pointed out on his blog, apart from the harm to its reputation, the sort of information that would be held within these systems would be significant. […] ______________________________________________ Attend #HITB2013AMS April 8th – 11th in Amsterdam. Featuring over 42 international speakers and keynotes by Bob Lord and Edward Schwartz http://conference.hitb.org