Security Basics mailing list archives

Re: Hashing passwords

From: Alexander Klimov <alserkli () inbox ru>
Date: Wed, 13 Jun 2012 17:44:17 +0300

On Tue, 12 Jun 2012, Kurt Buff wrote:

If more staff were fired or otherwise disciplined after it was proved
that they had gotten their company PC infected by navigating to
non-work-related web sites (or performing their work in an unsafe
manner against advice), we'd have a much better security environment -
and the discipline must also apply to C-level execs, as the data they
handle are even more precious than some staffer in shipping.

I've personally cleaned up malware from the CxO's machines at $WORK, 
multiple times, because they a) won't pay attention to my 
recommendations for handling web sites and email and b) won't let me 
block or quarantine executables and suspect documents at the 
gateways that are designed to handle them.


Looks like one uses crutches for so long that he forgets how to walk
normally.

The fact that your computer can be compromised by viewing a web-site 
or reading email means that something it terribly wrong with your 
computer. It is sane to fix bugs in the browser and MUA, to use a 
better SELinux policy to constrain the applications, or to run them 
inside a virtual machine. On the other hand, to blame the user for 
reading mail or browsing Internet is at most an exercise in futility.

-- 
Regards,
ASK

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

Hashing passwords haZard0us (Jun 11)
- Re: Hashing passwords Ansgar Wiechers (Jun 11)
  - Re: Hashing passwords Rory Browne (Jun 11)
    - RE: Hashing passwords Liam Randall (Jun 12)
    - Re: Hashing passwords martin . mngoma (Jun 12)
    - Re: Hashing passwords Kai Wirt (Jun 12)
    - Re: Hashing passwords Kurt Buff (Jun 12)
    - Re: Hashing passwords Ansgar Wiechers (Jun 13)
    - Re: Hashing passwords Kurt Buff (Jun 13)
    - Re: Hashing passwords Alexander Klimov (Jun 13)
    - RE: Hashing passwords Mikhail A. Utin (Jun 13)
    - Re: Hashing passwords Kai Wirt (Jun 13)
  - Re: Hashing passwords Kai Wirt (Jun 11)
    - Re: Hashing passwords gold flake (Jun 12)
    - Re: Hashing passwords Kai Wirt (Jun 12)
- Re: Hashing passwords Jennifer Wachter (Jun 12)
  - Message not available
    - Re: Hashing passwords Jennifer Wachter (Jun 12)
    - RE: Hashing passwords Dave Kleiman (Jun 12)
- Re: Hashing passwords Leon Jacobs (Jun 13)