World Cup security well executed if you don't count the Wi-Fi

Filed Under: Featured, Privacy, Security threats

Without a doubt, the world is watching the World Cup and it has been going swimmingly from a security standpoint.

In fact, the Germans, being one of the most football-obsessed countries in the competition, seem to have all put off honouring their bodily functions until half time and the end of the match, as suggested by information on water consumption in a tweet by @mattyglesias.

WCWater500

In fact Luiz Dorea, head of World Cup security, was proud enough to have his photo taken in the state-of-the-art security centre for the games with its giant video wall and staff hard at work.

WCWifiPassword500

Yes, folks, that is the Wi-Fi SSID and password on the big screen. Right underneath the secret internal email address used to communicate with some Brazilian government agency.

What surprised me the most is that you need to display it on the big screen when it is so simple as to be guessable. The SSID is clearly WORLDCUP and the password appears to be "brazil2014" in leet speak.

In fact it took me longer to find that photo than it would have taken me to guess the password.

Of course, this isn't the first time a class A mistake has been made by photographing a password. Remember this photo of Prince William?

william-password

Strangely, unlike most issues in security that we write about on Naked Security, this one has an extremely simple solution. Almost as simple as not having your nude photos stolen.

Don't write down passwords in public places (or take nudie pics with your cell phone). No sticky notes, white boards, smoke signals, billboards, televisions or even cave walls.

Oh, and while you are at it, choose a better password than the name of the event you are protecting. I suppose that does render the photo less damaging, but that isn't the smartest strategy.


Note: When originally published this story misidentified the source of the photo as the RISCO Group. The photo is in fact of Luiz Dorea.

, , , , , ,

You might like

4 Responses to World Cup security well executed if you don't count the Wi-Fi

  1. LindaB · 121 days ago

    In a recent survey, only 15m people in the UK were even vaguely interested in football or the World Cup, so far more than 75% of the population were just not interested in any way. So "the world is watching the World Cup" is clearly not correct. Especially so of that pattern were replicated in other countries.
    The failure to protect passwords by having it written on a boared and then shown publicly is a stupid mistake that Sophos and others have warned about for years and is inexcusable.
    Pardon me for not getting excited and it, nor the football.

  2. Bruce Porteous · 120 days ago

    A televised interview with a Wimbledon commentator in the commentary box two years ago similarly revealed the internal US network WiFi name and password taped to the wall above the monitor.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.