[Infowarrior] - Security researcher stumbles across embassy e-mail log-ins

[Richard Forno]

Security researcher stumbles across embassy e-mail log-ins

By Eric Bangeman | Published: August 30, 2007 - 10:36PM CT

http://arstechnica.com/news.ars/post/20070830-security-researcher-stumbles-a
cross-embassy-e-mail-log-ins.html

Security consultant Dan Egerstad has managed to snag usernames and passwords
for over 100 e-mail accounts belonging to embassy employees around the
world. According to Computer Sweden, which was able to check that some of
the data was accurate, the embassies affected include India, Russia,
Uzbekistan, Kazakhstan, and Iran, along with a British office in Nepal.

Egerstad said he found the data inadvertently after some security-related
research. "I did some experimentation and came across the information
accidentally," Egerstad told Computer Sweden.

Of the embassies affected, only Russia has yet to own up to the problem.
Roman Mironov, the head secretary at the Russian embassy in Stockholm, told
a Swedish television station that the information is accurate, but no longer
relevant since the login information has been changed. The Indian embassy
refused Computer Sweden's requests for comment.

Computer Sweden says that it has confirmed other aspects of Egerstad's
account without trying to log into any of the compromised accounts, but has
decided against naming or linking to the web site where the data was posted.

Given that the data obtained appears to be confined to e-mail login
information, the potential for damage appears to be limited. Egerstad hopes
that his finding the data proves to be an eye-opening experience for the
embassy staff. "I hope this leads them to take action," Egerstad told
Computer Sweden. "And I hope they become a bit more aware of security
issues."

Thanks to Anders Bylund for the translation help.