Submitted via IRC for TheMightyBuzzard
After a false alert about an inbound missile, Hawaii's Emergency Management Agency has said a worker clicked the wrong item in a drop-down menu and sent it, and that its system was not hacked. But Hawaii News Now is reporting an AP photo from July has resurfaced, showing the agency's operations officer in front of monitors, attached to one of them is a Post-it note with a password on it.
Just.... wow. I'm nearly at a loss for words on how big of a screw up this is. And from the response of the spokesman sounds like this was a shared password, therefore no way to link it to a specific careless employee.
Richard Rapoza, emergency management agency spokesman, confirmed that the password is authentic and was actually used for an "internal application." He said he didn't believe that application is any longer in use, but declined to say what application the password was for.
Source: https://www.hardocp.com/news/2018/01/17/hawaii_emergency_management_password_found_in_press_photo/
(Score: 1, Insightful) by Anonymous Coward on Friday January 19 2018, @08:10PM
I agree completely with this for general-use code. Joe Snapchat or Grandma would mess this one up because it's an awfully ugly UI.
My problem is that the operator should be well aware that there's a DRILL and a OH-SHIT option on this page before they even sit down at the machine. I think we can assume some training on the system and how it works beforehand, so the fact that you can really ruin a lot of peoples' days should have been in the back of the operator's mind. They also probably had more than a few seconds to make the choice. Given the responsibility here, I think it's reasonable to expect them to take the time to actually read and confirm what they're doing.
If they really did just select the 4th option because that's what they did yesterday, well... it's definitely good we found this out now. Maybe they would have taken the extra time during a real emergency situation to check that they were selecting the OH-SHIT and not the DRILL option, but it's probably best not to count on that.