13 Mar
2020
13 Mar
'20
12:21 p.m.
The trial of an ex-CIA operative accused of leaking some military-grade hacking tools <https://www.schneier.com/blog/archives/2020/03/cia_dirty_laund.html> has exposed some embarrassing details about the security practices of an organization that, you would expect, has security as its core mission. They regularly used (and freely circulated) rubbish passwords for services on their intranet for the elite “Operational Support Branch”, the excuse being that access to that intranet was already being tightly controlled. The old adage that “a system is only as secure as its weakest point”? They have heard of it...