Nevada governor accidentally posts Outlook password

In what could be a whopping security hole, Nevada has posted the password to the gubernatorial e-mail account on its official state Web site. It's "kennyc."

If you ever wanted to be Nevada's governor for a day, it doesn't seem to be that hard.

In what could be a whopping security hole, Nevada has posted the password to the gubernatorial e-mail account on its official state Web site. It appears in a Microsoft Word file giving step-by-step instructions on how aides should send out the governor's weekly e-mail updates, which has, as a second file shows, 13,105 subscribers.

Excerpt from Nevada's state government Web site: How to be the governor for a day. And we're sure he replies to all of his own e-mail as well.

The Outlook username is, by the way, "governor" and the password is "kennyc". We should note at this point that the former Nevada governor, a Republican, is Kenny C. Guinn, which hardly says much about password security.

The current governor of Nevada is Jim A. Gibbons, also a Republican, happens to be widely disliked. His approval rating of 28 percent accomplishes the rare feat of being below President Bush's. It doesn't help, we assume, that Gibbons is facing an FBI probe over possible illegal gifts.

For the record, we didn't try sending fake gubernatorial mail with the "kennyc" password (or "jimmya" either), so we don't know whether it actually works or whether it's been changed for the new administration. Although the listserv's administration interface is publicly-accessible, there might be a firewall that limits connections to the Outlook server, for all we know. Because other accidentally-public documents on the NV.gov site continue to list the "kennyc" password, though, we wouldn't be surprised if the password remained the same.

We did, however, briefly consider that a message titled "Governor_eAlert_07.19.07: Why I am resigning in disgrace" or "Governor_eAlert_07.20.07: Why I am switching to the Libertarian Party," would be more interesting than the run-of-the-mill actual titles like Economic Development Funding Paying Immediate and Long-term Benefits.

Other documents on the Nevada Web site list internal phone numbers and, oddly, because we didn't think anyone in this biz used fax machines anymore, a "PRESS RELEASE BLAST FAX LIST" for our colleagues in the Nevada media.

We did try calling and e-mailing the press office on Friday morning but didn't hear back by our publication deadline. Maybe we would have had better luck if the e-mail inquiry had come from the governor himself...

Note: Reporters are, of course, only as good as their sources. A tip of the hat this time to a fellow who goes by the name of Don Malaria.

Update as of 11am: The offending Web site has been taken offline, although the password files are still available through Google's cache. We did speak to Melissa Subbotin, the governor's press aide, but never got a response in terms of how this happened.

 

Join the discussion

Conversation powered by Livefyre

Show Comments Hide Comments