Without a doubt, the world is watching the World Cup and it has been going swimmingly from a security standpoint.
In fact, the Germans, being one of the most football-obsessed countries in the competition, seem to have all put off honouring their bodily functions until half time and the end of the match, as suggested by information on water consumption in a tweet by @mattyglesias.
In fact, Luiz Dorea, head of World Cup security, was proud enough to have his photo taken in the state-of-the-art security centre for the games, with its giant video wall and staff hard at work.
Yes, folks, that is the Wi-Fi SSID and password on the big screen. Right underneath the secret internal email address used to communicate with some Brazilian government agency.
What surprised me the most is that you need to display it on the big screen when it is so simple as to be guessable. The SSID is clearly WORLDCUP and the password appears to be “brazil2014” in leet speak.
In fact it took me longer to find that photo than it would have taken me to guess the password.
Of course, this isn’t the first time a class A mistake has been made by photographing a password. Remember this photo of Prince William?
Strangely, unlike most issues in security that we write about on Naked Security, this one has an extremely simple solution. Almost as simple as not having your nude photos stolen.
Don’t write down passwords in public places (or take nudie pics with your cell phone). No sticky notes, white boards, smoke signals, billboards, televisions or even cave walls.
Oh, and while you are at it, choose a better password than the name of the event you are protecting. I suppose that does render the photo less damaging, but that isn’t the smartest strategy.
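An added example, not part of the original article: a context-aware password check that undoes leet substitutions before comparing a candidate against words tied to the deployment (event name, SSID, year). The substitution table, context list, 12-character minimum and sample passwords are all constructed assumptions.

```python
import re

# Assumed, non-exhaustive leet table. "i", "l", "1", "!" and "|" all fold to
# one letter so that a "1" standing for either "i" or "l" still matches.
FOLD = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i", "|": "i",
                      "l": "i"})

def skeleton(text):
    """Lower-case, undo leet substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(FOLD))

def context_hits(password, context_terms, min_term_len=4):
    """Return the context terms the password is built from."""
    raw, folded = password.lower(), skeleton(password)
    hits = []
    for term in context_terms:
        if term.isdigit():
            # Years and similar numbers are matched literally.
            if term in raw:
                hits.append(term)
        elif len(skeleton(term)) >= min_term_len and skeleton(term) in folded:
            hits.append(term)
    return hits

def policy_violations(password, context_terms, min_length=12):
    """Return a list of reasons to reject the password (empty means accept)."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    for term in context_hits(password, context_terms):
        problems.append(f"contains context term {term!r}")
    return problems

# Constructed context list: words an outsider would associate with the site.
CONTEXT = ["WORLDCUP", "Brazil", "2014"]

if __name__ == "__main__":
    # Constructed sample candidates, not values taken from the photo.
    for candidate in ["br4z1l2014", "W0rldCup!", "maple-tractor-orbit-91"]:
        print(candidate, "->", policy_violations(candidate, CONTEXT) or "accepted")
```

Run at password-change time, a check like this rejects the event name however it is dressed up.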
Note: When originally published this story misidentified the source of the photo as the RISCO Group. The photo is in fact of Luiz Dorea.
4 comments on “World Cup security well executed if you don’t count the Wi-Fi”
In a recent survey, only 15m people in the UK were even vaguely interested in football or the World Cup, so far more than 75% of the population were just not interested in any way. So “the world is watching the World Cup” is clearly not correct. Especially so if that pattern were replicated in other countries.
The failure to protect passwords by having it written on a board and then shown publicly is a stupid mistake that Sophos and others have warned about for years and is inexcusable.
Pardon me for not getting excited about it, nor the football.
If anyone in the UK was decent they would watch.
A televised interview with a Wimbledon commentator in the commentary box two years ago similarly revealed the internal US network WiFi name and password taped to the wall above the monitor.
Was it “w1mb13d0n2012” 🙂