
Prince William photos accidentally reveal RAF password - Garbage
http://nakedsecurity.sophos.com/2012/11/21/prince-william-photos-password/
======
gushie
"... if you are being photographed or filmed at your place of work, it may be
sensible to remove any passwords which could appear in the background ..."

I've got some better advice. Don't stick passwords to the wall (or monitor) in
the first place!

~~~
stephengillie
Even with the actual document photochopped out, the credentials could still
show in a mirror or monitor. Or maybe soon we'll be able to recreate missing
parts of images by analyzing the ambient light distributions in the rest of
the photo...

~~~
mertd
Second option is rather unlikely, given how many unknowns you would be solving
against (geometry of the seen, geometry of the not seen, incident light
sources, camera response curve etc) from comparatively very little data (a
continuous signal that is sampled and heavily quantized to just 8 bits per
channel).

~~~
stephengillie
Good point. We could reduce some of those unknowns by getting the original
photograph (would have camera data in its metadata), and we could assume at
least some of the light sources in the ceiling and through windows.

~~~
mertd
Yes you can limit the problem until we can get something useful out of the
other end but it is very very hard. Here is one of the latest works on the
topic: "Accidental pinhole and pinspeck cameras: revealing the scene outside
the picture" (Torralba & Freeman).

[http://people.csail.mit.edu/torralba/publications/shadows.pd...](http://people.csail.mit.edu/torralba/publications/shadows.pdf)

------
iuguy
Whoever put that up will be breached, which is not a pleasant experience. The
level of dressing down will be aligned with the sensitivity of the environment
the account is used for. In the case of MilFLIP, it's an Internet facing
resource so there's nothing too serious.

Milflip's an Internet-based web site for military flight information,
primarily approach processes for different places. If it's the same milflip it
won't be too serious. The user guide is publicly available online [1], as is
the site.

[1] - <https://www.aidu.mod.uk/Milflip/help.pdf>

~~~
haberman
Is "breached" a British word for "fired"?

~~~
untog
It is (AFAIK) more of a military-specific term, and means being disciplined
rather than fired. I believe it stems from a "breach of discipline".

~~~
blahedo
Is it a synonym for, or just a milder version of, what Americans refer to as
"court-martial"?

~~~
elemeno
I would imagine that it covers the sort of disciplinary offences where one's
commanding officer can impose some form of punishment or official reprimand
without there needing to be a court martial. The US equivalent would be, I
think, a Nonjudicial Punishment or Article 15.

Purely as an FYI, what Americans would refer to as a court-martial would also
be a court-martial in the UK.

------
jread
As an aviator in the US military, I'm not surprised. This is common practice.
The system in question is for public domain UK aviation charts and pubs. Many
of the unclassified systems I use have the user and password taped to the
monitor.

~~~
astrodust
Why don't they either use a password manager, of which there are hundreds, or
simply bolt on a "LOGIN" button on the keyboard?

You'd think, at least, that it could be in a binder hanging on the wall.

~~~
jread
US military unclassified systems are a mess... a spaghetti bowl of disjoint
networks, operating systems, hardware, desktop and Internet applications
designed by a multitude of lowest bid government contractors with little sense
for usability and often very poor technical skills.

------
mseebach2
There is a certain chance that this is not, in fact, an example of bad
password management. This service ("MilFlip") could be an internal service on
an internal, secure network (the kind of networks that, if someone was to
penetrate it, you have bigger fish to fry than keeping them out of "MilFlip")
that just doesn't have a good way of turning passwords off - and, to be
"secure", requires a non-simple password.

------
andrewcooke
the manual for the service in question is here -
[http://www.google.cl/url?sa=t&rct=j&q=milflip&so...](http://www.google.cl/url?sa=t&rct=j&q=milflip&source=web&cd=3&cad=rja&ved=0CCUQjBAwAg&url=https%3A%2F%2Fwww.aidu.mod.uk%2FMilflip%2Fhelp.pdf&ei=99-sUKbgAe_H0AHByoB4&usg=AFQjCNH5PXHjHOcLeF0irEwcY1sfGv3maw)
(from a google search of "milflip"). it seems to be a web site of charts (not
terribly secret).

------
gavinjoyce
Probably another victim of ill-thought-out complex password requirements. If
it's too complex to remember, it will probably end up on a post-it note.

~~~
meaty
Having worked for the MoD in the past, shit like this gets punished big time.
They have quite stringent rules for managing credentials.

Whoever printed that out will probably be fired pretty much straight away.

~~~
hellweaver666
Unless it was Prince William of course...

~~~
meaty
This is unfortunately true. He could shoot a child in the face and get a
pardon...

------
purephase
Why don't they provide two-factor auth fobs in the military? It seems like the
easiest solution to me. It's not like the technology is new.

~~~
cs02rm0
They do, for systems which require greater security.

------
spyder
There is a similar risk for "real" keys:
[http://www.guardian.co.uk/science/2008/nov/14/key-photograph-key-cutting](http://www.guardian.co.uk/science/2008/nov/14/key-photograph-key-cutting)

------
PaulHoule
I've made mistakes like this before so I tend to go over office pictures with
a photo editor before I post them.

------
antihero
Fantastic OpSec, there.

------
jnazario
why is no one else commenting that it's 2012 and we still rely on passwords?

~~~
rymith
What else would you use? Biometrics are expensive, and far less secure than
passwords in most instances. Besides, once you have that information, it will
get converted to a hash (same as a password) so you're really stuck with the
same problem from a hacking point of view. And once somebody figures out the
rainbow table for your retina, what are you supposed to do, change your
retina?

Two factor auth is really the best way, and although it's kludgy, it provides
the best protection. And it includes a password.

~~~
TillE
> although it's kludgy

Some implementations are, but the concept is sound and can work smoothly. Your
second factor could be a smart card or a USB dongle that's simply plugged in.
Like an ATM, especially European ones.

~~~
sigkill
Wouldn't it be cool if the second factor was something that was passive on
your part? Something like an NFC on your phone, where the NFC "bubble" is
boosted just enough that you don't need to pull it out of your pocket but
isn't _too_ large.

~~~
JabavuAdams
No, that's a bad idea. Requiring a positive action is better than passively
scanning.

One of the big problems with automated online systems is that the user often
has no chance to notice that something is going wrong. Giving them a chance to
notice anomalies improves security.

E.g. I'll know if my house is broken into, unless it's done by the very best
(funded). OTOH someone could be copying my hard drive as we speak, and in many
cases I'd have no idea.

