Chip Lab Zhao Gong Semiconductor Engineer 2022-03-06 08:23
As the saying goes, "a country cannot stand without defense, and the people cannot be at peace without soldiers." For any country, the importance of national defense and army building is self-evident. Recently, as the situation between Russia and Ukraine has continued to escalate, a news report published in 2018 has once again drawn attention to the Ukrainian defense system.
At that time, according to Alexander Dubinsky, a reporter of the Ukrainian Independent News Agency, the "Dnipro" military automation control system of the Ukrainian armed forces had very primitive server network protection: the username was admin and the password was 123456.
The reporter pointed out that anyone with an Internet-connected computer could freely access switches, routers, workstations, servers, voice gateways, printers, scanners and so on, browse a large number of confidential documents of the Ukrainian army, including the affiliation and structure of the troops, and use this network to intrude on targets.
He said the Ukrainian military was not unaware of the vulnerability: "The first person to discover the problem was a data expert named Dmitry Vlasyuk. Although he reported the security risk in time, the relevant departments did not pay attention to the matter. Currently, the system still uses admin and 123456 as account passwords."

At that time, Dubinsky pointed out in the report that "the Ministry of Defense is not in any hurry to change the password" (Image source: Ukrainian Independent News Agency)
The reporter believes that if the Ukrainian military continues to ignore the issue of cybersecurity, it is planting a time bomb for itself.
In view of the gravity of the matter, he reported the situation to the National Security and Defense Affairs Commission and the Ukrainian Intelligence Service. After more than a month, the Ukrainian Ministry of Defense responded by instructing the ministry and the other armed forces to ban the use of weak passwords and to check all workstations regularly. However, it did not consider that the security of certain IP addresses needed to be strengthened.
Ironically, several subsequent tests found that some devices at specific IP addresses still accepted the default username and password. In some cases, computers were able to connect directly to the Ministry of Defense's network and enter without a password.
"A report must be submitted if you change a password, but no one will take care of it" (Image source: Страна.ua)
This means that in those years, the credentials for accessing some servers and computers of the Ukrainian Ministry of Defense were the simplest possible: admin and 123456. Now that the conflict between Russia and Ukraine has intensified further, the account passwords of the Ukrainian Ministry of Defense systems have presumably already been upgraded.
In this regard, some netizens said, "I never expected that the account password of the Ukrainian defense system at that time was incredibly simple." Some netizens believe that "the Ukrainian military was also quite carefree at that time." Some netizens even joked: "The most dangerous password is the most secure."
Screenshot of netizen comments (Image source: Sina Weibo)
In fact, it is not only the Ukrainian military that is this carefree. NordPass publishes a list of the 200 most common passwords every year. The list gives each password, how long it takes to crack, and how many times it appears in the research. Surprisingly, the latest list has barely changed compared to the previous year.
In other words, a lot of people have still been using incredibly weak and ordinary passwords over the last two years, and these passwords can be easily cracked.
According to NordPass's latest "List of the Most Common Passwords for 2021", the most common password last year was 123456. This incredibly common password appeared more than 103 million times in NordPass's study and took less than 1 second to crack (in fact, every password in the top ten and all the passwords in the top fifty can be cracked in 1 second).
The second to fifth places are 123456789, 12345, qwerty, and password.
It should also be pointed out that 1q2w3e4r, qwerty123, myspace1, and michelle are the hardest passwords on this list to crack, with a cracking time of 3 hours.
List of the most common passwords in 2021 (Image: NordPass)
In addition to the password list, NordPass also identified the countries most affected by data breaches. The United States, Chile, Australia, New Zealand, Russia, France, Italy and Germany rank highest.
In this regard, some security experts suggest that a password should meet three criteria as far as possible: first, it should be 8 characters or longer; second, it should have no obvious pattern in its composition; third, it should combine three or more kinds of characters, such as "letters + numbers + special symbols".
Finally, what are your tips for setting passwords? You are welcome to leave a message and share them; I promise not to tell anyone.
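The three criteria can be turned into an automated check, shown here as an added example that is not part of the original article. The `SEQUENCES` table, the run length of 4, and the function names are assumptions chosen for illustration; the common-password set holds only the entries quoted in this article, where a real deployment would load a full published list.

```python
import re

# Passwords quoted in the article from the NordPass 2021 list (excerpt only).
COMMON = {"123456", "123456789", "12345", "qwerty", "password",
          "1q2w3e4r", "qwerty123", "myspace1", "michelle"}

# Assumed pattern sources: digit/alphabet runs, keyboard rows, zig-zag row.
SEQUENCES = ["0123456789", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm", "1q2w3e4r5t6y7u8i9o0p"]

def char_classes(pw):
    """Count the kinds of characters present: letters, digits, symbols."""
    kinds = [r"[A-Za-z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return sum(1 for k in kinds if re.search(k, pw))

def has_pattern(pw, run=4):
    """True if pw has a repeated or sequential run, or embeds a common password."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        if len(set(chunk)) == 1:          # e.g. "aaaa"
            return True
        if any(chunk in s or chunk in s[::-1] for s in SEQUENCES):
            return True                   # e.g. "qwer", "4321"
    return any(w in low for w in COMMON if len(w) >= 5)

def check_password(pw):
    """Return the list of criteria the password fails (empty means it passes)."""
    problems = []
    if len(pw) < 8:
        problems.append("too short")
    if pw.lower() in COMMON:
        problems.append("on common-password list")
    if has_pattern(pw):
        problems.append("obvious pattern")
    if char_classes(pw) < 3:
        problems.append("fewer than three character types")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs; the first two come from the article's list.
    for candidate in ["123456", "1q2w3e4r", "Qwerty123!", "vT7#mKo2$Lx"]:
        print(candidate, "->", check_password(candidate) or "ok")
```

`Qwerty123!` satisfies the length and character-type rules yet is still rejected for its keyboard-row pattern, which is why the second criterion has to be checked separately from the other two.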
Source: 21ic Electronic Network