Re: Password (User) Insecurity

From: Murad Talukdar (talukdar_m_at_subway.com)
Date: 04/22/04

    To: "Al Cooper" <alc@tlynx.com>, <security-basics@securityfocus.com>
    Date: Thu, 22 Apr 2004 12:47:27 +1000
    
    

    I've done the old trick of ringing users up and saying I'm from HQ and then
    saying what's your password?
    Works every time. Next I tell them off and also people who tape their pwds
    to their monitors...never needed the chocolate. And because our office has a
    pass coded door everyone thinks they're safe or that Bill from Accounts is
    trustworthy...there are supposedly more 'attacks' from in than outside the
    perimeter...
    Murad Talukdar

    ----- Original Message -----
    From: "Al Cooper" <alc@tlynx.com>
    To: <security-basics@securityfocus.com>
    Sent: Wednesday, April 21, 2004 2:17 AM
    Subject: Password (User) Insecurity

    > There is an article on Slashdot this morning about how easy it is to use
    > social engineering/bribes on users to get their password(s).
    >
    > http://slashdot.org/articles/04/04/20/1159207.shtml?tid=126&tid=172
    >
    > I am interested in what the community is doing to protect user passwords,
    > and if there are any technologies that are currently deployable, that will
    > eliminate or reduce the need for passwords (biometrics, etc.)
    >
    > Thanks,
    >
    
