RE: securing password list

• Previous message: Rick Zhong: "Re: OSSIM - input"
• Maybe in reply to: beevoo8_at_hotmail.com: "securing password list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: 'Jeremy McBane' <Jeremy@devcocomputers.com>, security-basics@securityfocus.com
Date: Wed, 24 Mar 2004 09:35:38 -0800

A really excellent point, Jeremy. In a previous job I had to assist in data
recovery from a "fireproof" cabinet. The cabinet may have been flame-proof,
but was definitely not fireproof. In fact, (bear in mind this was in the
80's) the backup data was stored on 10 & 1/2" tape. When we laid the leader
of the first tape out on a table it had a 6 degree arc. The tape spindle
itself was severely distorted. On some sections of tape the iron oxide
separated from the Mylar backing. All in all, a terrific mess. The fire
started in the building floor below the room where the cabinet was located.
BTW: we were able to recover 98% of the data and performed the work for no
charge to our customer.

Thanks!
Samuel S. Fahr
Statewide Fingerprint Imaging System
916 229-3310 (office)
916 798-3089 (cellular)

-----Original Message-----
From: Jeremy McBane [mailto:Jeremy@devcocomputers.com]
Sent: Tuesday, March 23, 2004 10:15 AM
To: security-basics@securityfocus.com
Subject: RE: securing password list

In reference to a fireproof box, what kind of media is not vulnerable to
melting within from the intense heat?

--
Jeremy McBane
Devco Computers
Jeremy@devcocomputers.com
337.993.3212
--
-----Original Message-----
From: Josh Mills [mailto:JMills@cnbwaco.com] 
Sent: Friday, March 19, 2004 7:17 PM
To: Dan Denton; beevoo8@hotmail.com; security-basics@securityfocus.com
Subject: RE: securing password list
I have a similar setup, I have an off network linux box behind two secured
doors and i make a weekly backup that is stored in an offsite fireproof box
along with all of my other backup tapes.
-----Original Message-----
From: Dan Denton [mailto:ddenton@PAYLESSOFFICE.com]
Sent: Friday, March 19, 2004 12:02 PM
To: beevoo8@hotmail.com; security-basics@securityfocus.com
Subject: RE: securing password list
I keep out password lists in an off-network linux box in a secured room, for
which only I know the password. Of course if anyone else gains access to the
room they could snag the whole CPU, but it's unlikely here. I also keep a
weekly backup on floppy in a locked firesafe.
-----Original Message-----
From: beevoo8@hotmail.com [mailto:beevoo8@hotmail.com] 
Sent: Thursday, March 18, 2004 11:52 AM
To: security-basics@securityfocus.com
Subject: securing password list
In my job I have a number of username/passwords to various websites and
machines that I must keep track of.  I was soliciting ideas on how to store
these passwords securely.  
Encrypting them with a passphrase seems counterproductive since the file may
not be accessed for a while and the passphrase might be forgotten. Would
biometrics be a safer idea? What security methods do you use to secure a
list such as this? 
Any suggestions would be appreciated.
------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization.
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.639 / Virus Database: 408 - Release Date: 3/22/2004
 
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.639 / Virus Database: 408 - Release Date: 3/22/2004
 
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

• Previous message: Rick Zhong: "Re: OSSIM - input"
• Maybe in reply to: beevoo8_at_hotmail.com: "securing password list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]