GCHQ - A plaintext offender

[dfarrall]

Thought i would post this article i wrote here, as some people may find it interesting.
It's had a tonne of views today and as such i had to upgrade bandwidth once. Not sure i'll be able to afford to do it again so thought i'd post it before it's potentially gone for the month

http://danfarrall.com/gchq/

 

[cheechm]

Get it up on this: http://plaintextoffenders.com/

 

[dfarrall]

I did submit it to them, not sure why it didn't get posted but not too fussed. It's had a lot of coverage on many security sites, hence my bandwidth being demolished!

 

[arctine]

What's the problem?

Emailing menial login details for their recruitment website in no way suggests that the security of GCHQ is under compromise.

 

[platypus]

What's the problem?

Emailing menial login details for their recruitment website in no way suggests that the security of GCHQ is under compromise.

Nope, total non story.

 

[dfarrall]

What's the problem?

Emailing menial login details for their recruitment website in no way suggests that the security of GCHQ is under compromise.

Who said it was?

Emailing passwords over plaintext is the issue here, its a massive no no.

 

[Judgeneo]

I've had the same thing happen to me when I applied to a large defence firm, who has a significant information security division.

Shocking behaviour.

 

[cheechm]

Nope, total non story.

I found it quite ironic rather than "serious".

 

[anything I don't mind]

gchq bunch of amateurs. lol

 

[BDEE]

Newton Aycliffe. You live near me.

 

[Addicted]

You realise when applying for jobs at GCHQ you're only meant to tell people extremely close.

No job for you, amateur. (and yes, I read the fact you didn't bother applying in the end).

 

[Totality]

I'm betting he did apply but heard nothing back for two months hence why he posted the "story". It isn't even GCHQ that are recruiting, but a 3rd party.

I would laugh if the Op was sued based on the headline

 

[Firestar_3x]

Lol, and I'm not laughing at GCHQ.

 

[gettothechopper]

what a non story

its not like they gave you access to the nuclear codes is it?

"OMG someone has surreptitiously uploaded their CV!"

 

[arctine]

Who said it was?

You did.

'GCHQ – Not So Secure?'

'Not really sure how we can trust somebody like that to protect us, when they are still doing stupid things like this.'

 

[Judgeneo]

The bigger problem is that it doesn't exactly inspire confidence when applying for jobs there.

 

[Firestar_3x]

Looks like the GCHQ selection process is quite good, they clearly avoided the OP, rightfully so it would seem.

Another company might have stored your password in plain text, ok, and emailed it, ok not ideal. What does it give you access to, erm, a dedicated cv upload tool for your account only on a system not associated with GCHQ.

Great, moving on.

 

[Wink]

Lol, and I'm not laughing at GCHQ.

+1

I am pretty sure they would have laughed themselves when the OP emailed in too.

Complete non event.

 

[dfarrall]

You did.

'GCHQ – Not So Secure?'

'Not really sure how we can trust somebody like that to protect us, when they are still doing stupid things like this.'

It's certainly has to do with the security of personal details to the agents that have applied, or are applying.

 

[Burnsy2023]

It's sloppy, but ultimately a low threat.

Although that said, harvesting applications could have interesting implications.