Go and buy the Daily Telegraph newspaper right now. Go down the paper-shop. It's the Rooty Hill show!
Andrew Robb in an interview with me this morning on Warragamba Dam, water, leaks, northern development - and Mark Latham

UPDATED 28/2/2013 Tony the parliamentary tradie who owns @aph email address with the predictable passwords

UPDATED 9.45 28/2/2013

There's Tony the tradie and Tony the minister in the Bourke/Burke clan at parliament house.

I phoned Tony Burke the minister's electorate office this morning and spoke with Sarah who said that she is aware of the other Tony Bourke at parliament house.   Sarah passed me on to Angela in Tony's Canberra office.   Angela was great too - she passed me on to the Parliament House switchboard - and they put me through to Tony's phone.

Tony is not a Minister of the Crown.   Tony's a tradie who keeps Parliament House running.   And g'day to Tony's colleague Graham who I had a lovely chat with this morning.   Tony Bourke the tradie is sometimes bemused as he receives briefings intended for the Minister - and his passwords have been reset after his encounter with the ABC.



Were you like Tony the parliamentary tradie?   Did you send your details in to this ABC website?

Abc website

I have learned more tonight about hacking and data-base management than in all the previous reading I've done on the matter.   

Risky.biz is reporting that the ABC's website was hacked in 2011 and the unauthorised incursion into ABC systems was not picked up.

This is going to be a very serious matter for the ABC and a source of ribbing for at least one Minister of the Crown.

Phil of Canberra is a regular on our blog and something of a genius.

Phil's note to us all is below -  if you have a regular word as your password anywhere - go out and change it tonight.   I hope that the Bourke household is busily doing that now.

Here's Phil

I took a copy of the hackers dump from the (redacted) pastebin and crossloaded into (redacted) this evening.  

I wanted to have a look at the mix and quality of the passwords.  I sort of do this whenever there is a decent sized dump (and the ABC hacking involves about 50,000).  I consult / contract in IT security.  

 

In general, a hashed password can't be cracked.  However, when you look at a large list of them, you notice that many of the hashes are the same.  In other words, if the hashes are the same, the passwords are the same.  
For example, the dump contains about 30 instances of the password "possum".  There are about 280 with the password "happiness".  Over the years, hacker types have created large lookup databases of hashes with the matching password.  There are a range of web sites out there (google [REDACTED] for examples) where you can paste in a hash ad it will return the matching password if known.  Some of these sites know tens of millions of hashes.  Common words like "parliament" are easily found.

The full line from the Tony Bourke dump includes this stuff with a lot more redacted

bourkey 

tony.bourke@aph.gov.au

IP ADDRESS REDACTED - 

Password parliament

THE HASH TAG FOR PARLIAMENT WAS REDACTED by us

 

Comments