Re: Password Pride - A Humorous Vulnerability

[admin () iflipyouoff com]

I think it is your "trust-provoking" English accent!

The biggest challenge is the human condition where people are always "depending on the kindness of strangers". (Taken 
from "A Streetcar named
Desire") We are in an industry where mistrust, despair, and skepticism are more beneficial than sheer kindness and 
helpfulness.  The term "social engineering" is false. It should be called "social exploitation"
as the attacker is merely taking advantage basic human nature.

So, what was his password?

-Paul Moore
 Security & Business Continuity
 FedEx Express Corporation



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of andy cuff
Sent: Monday, January 15, 2007 11:26 AM
To: security-basics () securityfocus com
Subject: Password Pride - A Humorous Vulnerability

I thought I'd share a recent observation with the list.

I was in a bar in San Francisco where my English accent has a habit of=20 stimulating conversation with total 
strangers, in this case it was with a=20 webmaster (sadly not webmistress) of a dubious website hosted in Amsterdam 
(I=20 don't think I need to expand on the nature of the site;)  I mentioned that I=20 was passionate about Information 
Security, whereupon, he proceeded to tell me=20 his root password, as he was so proud about how hard it would be to 
crack!  If=20 this was an isolated incident I wouldn't mention it.  However, these instances=20 are becoming ever more 
frequent, is it my trustworthy face or are others

experiencing similar errors of judgement?

Best Regards


Andy Cuff
Computer Network Defence Ltd
www.SecurityWizardry.com


http://www.iflipyouoff.com/
Send and "e-Bird" today!