Full Disclosure mailing list archives
Re: RE: Linux (in)security
From: Thomas Binder <full-disclosure () arago de>
Date: Wed, 22 Oct 2003 17:39:18 +0200
Hi! On Wed, Oct 22, 2003 at 09:12:12AM -0500, Schmehl, Paul L wrote:
Now, lest you get your hopes up and think it's possible to change the world, read this: http://www.ukauthority.com/articles/story898.asp After reading this, I had a good cry and then took some aspirin. :-(
Of course, what they do not (and most likely cannot) mention is how many of the passwords entered where just random keystrokes instead of a real world password. In fact, I tend to advise people not to completely refuse giving their password / PIN / etc. when asked for by someone, but to reluctantly "disclose" something completely wrong. This way, the attacker might think he's won and - depending on the attacked system - effectively locks the account he wants to break into. Ciao Thomas -- It is better to never have tried anything than to have tried something and failed. - motto of jerks, weenies and losers everywhere _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Linux (in)security Schmehl, Paul L (Oct 22)
- Re: RE: Linux (in)security Thomas Binder (Oct 22)
- RE: RE: Linux (in)security Edward W. Ray (Oct 22)
- RE: RE: Linux (in)security Arcturus (Oct 22)
- Re: RE: Linux (in)security Jeremiah Cornelius (Oct 22)
- Re: RE: Linux (in)security Mr. Rufus Faloofus (Oct 22)
- Re: RE: Linux (in)security Peter Busser (Oct 22)
- Re: RE: Linux (in)security Cael Abal (Oct 22)
- Re: RE: Linux (in)security Peter Busser (Oct 23)
- RE: RE: Linux (in)security Edward W. Ray (Oct 22)
- RE: [inbox] Re: RE: Linux (in)security Curt Purdy (Oct 22)
- RE: [inbox] Re: RE: Linux (in)security Michal Zalewski (Oct 22)
- RE: [inbox] Re: RE: Linux (in)security Ron DuFresne (Oct 23)
- Re: RE: Linux (in)security Thomas Binder (Oct 22)