Re: Unencrypted password security question. at a major university

From: Colin M
Date: 04/08/03

    From: "Colin M" <colin (at) wew (dot) co (dot) uk>
    Date: Tue, 8 Apr 2003 13:51:48 +0100
    
    

    "Michael Janke" <jankemi@mail.com> wrote in message
    news:Mspka.398796$S_4.466923@rwcrnsc53...
    > Kent Smith wrote:
    > > On 7 Apr 2003 13:18:03 -0700, ryantemp@velophile.com (Ryan) wrote:
    > >
    > >
    > >> Hello, I'm a student at an anonymous American college

    would that be anonymous or anonymous state U?

    > >>name and password for all of these. All the login pages are via the
    > >>web, they are all secure (security lock in mozilla, etc.), except for
    > >>one. One, for a minor forum, we submit our log and pass unencrypted
    > >>across the web.
    > >

    Are you sure they are sending your password unencrypted? (It's perfectly
    possible to create an MD5 challenge/response using JavaScript & CGI.)

    > Quit kicking them. Call the campus paper. Get them to interview a local
    > security consultant & write an article. Bad publicity is probably all
    > they will listen to. I have an almost daily battle with our own system
    > managers and developers about security issues. Auditors and newspapers
    > are the only thing that ever gets them to change their broken ways.

    Hear, hear. But make 100% sure that it's not secure first.

    HTH

    Colin
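
The MD5 challenge/response mentioned in the reply above, as an added example that is not part of the original post or any site's real code: the server hands out a one-time nonce, the page script returns HMAC-MD5 of that nonce keyed with the password, and the server recomputes it. All function names, the account store and the sample password are assumptions made for the illustration.

```javascript
// Added illustration; every name and value here is hypothetical/constructed.
const crypto = require('crypto');

// Constructed sample account store. The server has to hold the password (or a
// password-equivalent secret) in order to recompute the response.
const accounts = new Map([['ryan', 'correct horse battery']]);
const pendingChallenges = new Map(); // user -> outstanding nonce

// Server side (the CGI): issue a fresh random challenge for one login attempt.
function issueChallenge(user) {
  const nonce = crypto.randomBytes(16).toString('hex');
  pendingChallenges.set(user, nonce);
  return nonce;
}

// Client side (page script): only this value is submitted, never the password.
function computeResponse(nonce, password) {
  return crypto.createHmac('md5', password).update(nonce).digest('hex');
}

// Server side: recompute, compare in constant time, and retire the nonce.
function verifyResponse(user, response) {
  const nonce = pendingChallenges.get(user);
  pendingChallenges.delete(user); // single use, so a captured response is useless
  const password = accounts.get(user);
  if (nonce === undefined || password === undefined) return false;
  const expected = Buffer.from(computeResponse(nonce, password), 'hex');
  const supplied = Buffer.from(String(response), 'hex');
  return supplied.length === expected.length &&
    crypto.timingSafeEqual(supplied, expected);
}

// One login as a network observer would see it, followed by a replay attempt.
function simulateLogin(user, password) {
  const nonce = issueChallenge(user);
  const response = computeResponse(nonce, password);
  const wire = JSON.stringify({ user, nonce, response });
  const accepted = verifyResponse(user, response);
  const replayAccepted = verifyResponse(user, response); // same bytes resent
  return { wire, accepted, replayAccepted };
}
```

A login built this way shows no password in a traffic capture even though the page has no lock icon, which is why the form's script is worth reading before reporting it. It is still weaker than TLS: an observer holding the nonce and response can test password guesses offline, and anyone able to alter the page in transit can replace the script.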

