Re: Password (User) Insecurity
From: Murad Talukdar (talukdar_m_at_subway.com)
Date: 04/22/04
- Previous message: Chris: "ftp administration question.."
- In reply to: Al Cooper: "Password (User) Insecurity"
To: "Al Cooper" <alc@tlynx.com>, <security-basics@securityfocus.com>
Date: Thu, 22 Apr 2004 12:47:27 +1000
I've done the old trick of ringing users up and saying I'm from HQ and then
saying what's your password?
Works every time. Next I tell them off and also people who tape their pwds
to their monitors...never needed the chocolate. And because our office has a
pass coded door everyone thinks they're safe or that Bill from Accounts is
trustworthy...there are supposedly more 'attacks' from in than outside the
perimeter...
Murad Talukdar
----- Original Message -----
From: "Al Cooper" <alc@tlynx.com>
To: <security-basics@securityfocus.com>
Sent: Wednesday, April 21, 2004 2:17 AM
Subject: Password (User) Insecurity
> There is an article on Slashdot this morning about how easy it is to use
> social engineering/bribes on users to get their password(s).
>
> http://slashdot.org/articles/04/04/20/1159207.shtml?tid=126&tid=172
>
> I am interested in what the community is doing to protect user passwords,
> and if there are any technologies that are currently deployable, that will
> eliminate or reduce the need for passwords (biometrics, etc.)
>
> Thanks,