SF Reveals Usernames And Password To City Network In Accidental Effort To Prove Terry Childs' Case For Him

from the that-would-be-an-oops dept

In the ongoing lawsuit against the disgruntled city of San Francisco tech worker, Terry Childs, who held the city's network somewhat hostage for a few days (before finally coughing up the admin password to Mayor Newsom), the San Francisco DA has now entered into evidence approximately 150 usernames and passwords of individuals who log into the city's network via a VPN from home. City officials don't seem too concerned that they're revealing the usernames and passwords, even though that would appear to be a huge security violation.

From the description, it sounds like the system uses two-factor authentication, so beyond username and password, users also have to enter in a second code (perhaps provided by an RSA key or something like that). However, that still doesn't mean that revealing the usernames and passwords was smart. It's still a tremendous security violation. It's hard to see why they couldn't have submitted that as evidence that needed to be kept secret, given the nature of it. Also, it would seem that revealing all this info actually does much more to help Childs' case: he claims he was keeping the admin password secret because city officials weren't very good with security, and would have compromised the system. And, indeed, it appears that's what they've now done.

Filed Under: passwords, san francisco, terry childs