Site icon Liquidmatrix Security Digest

Army Database Outflanked

According to the US Army one of their databases was breached exposing the personal information for at least 1600 soldiers.

From FCW:

Soldiers who registered with, or participated in, the Army-sponsored Operation Tribute to Freedom program during the past five years may be affected by the security breach, Army officials said March 10. The service is notifying those soldiers about the issue through e-mail messages and letters.

The information that may have been breached includes the service members’ names, e-mail messages, phone numbers, home addresses, awards received, ranks, gender, ethnicity, and dates the soldiers deployed and returned from their deployment, Army officials said.

No SSN? That is a fair amount of personal information nonetheless.The part that makes me smile is the inevitable spin in a piece such as this. “The Criminal Investigation Command is investigating how the password-protected, secure Web-based information was penetrated.” Um, yeah.

I once did a test on a US military web facing system and was asked to breach it. I went for the low hanging fruit right out of the gate. Sure enough I was able to gain access.

Username: Admin
Password: abc123
Number of attempts: 1

Priceless.

Article Link

Exit mobile version