Security Basics mailing list archives
Re: Password (User) Insecurity
From: "Murad Talukdar" <talukdar_m () subway com>
Date: Thu, 22 Apr 2004 12:47:27 +1000
I've done the old trick of ringing users up and saying I'm from HQ and then saying what's your password? Works every time. Next I tell them off and also people who tape their pwds to their monitors...never needed the chocolate. And because our office has a pass coded door everyone thinks they're safe or that Bill from Accounts is trustworthy...there are supposedly more 'attacks' from in then outside the perimeter... Murad Talukdar ----- Original Message ----- From: "Al Cooper" <alc () tlynx com> To: <security-basics () securityfocus com> Sent: Wednesday, April 21, 2004 2:17 AM Subject: Password (User) Insecurity
There is an article on Slashdot this morning about how easy it is to use social engineering/bribes on users to get their passowrd(s). http://slashdot.org/articles/04/04/20/1159207.shtml?tid=126&tid=172 I am interested in what the community is doing to protect user passwords, and if there are any technologies that are currently deployable, that will eliminate or reduce the need for passwords (biometrics, etc.) Thanks, --------------------------------------------------------------------------
-
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or
less
to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html --------------------------------------------------------------------------
--
--------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Password (User) Insecurity Al Cooper (Apr 20)
- Re: Password (User) Insecurity Nick Owen (Apr 24)
- Re: Password (User) Insecurity Murad Talukdar (Apr 24)