Security Basics mailing list archives

Re: Highlighting weak password dangers


From: anesde <anesde () gmail com>
Date: Wed, 31 Jan 2007 17:22:51 +0200

Doing it (use a password cracker) once or twice to present the
importance of selecting strong passwords may be a good idea. But doing
that in the context of a security compliance initiative may cause
problems, since it will make you aware of user passwords and raise
accountability issues.

Just my 2 cents,
Anestis


On 1/30/07, Alexander Bolante <alexander.bolante () gmail com> wrote:
out of curiosity - are you doing this as part of a security compliance
initiative? or just to present to your current user community the
importance of using strong passwords in adherence w/ security policy?

On 1/24/07, WALI <hkhasgiwale () gmail com> wrote:
>
>
> I want to highlight the danger of using weak passwords on servers and users
> admin desktops. I have tested TSgrinder with a basic dictionary Brute Force
> to access Remote Desktop exploit on both servers and desktops. The problem
> here is that when connected to domain, the Account Lockout feature disables
> the account quite soon. I can only show the exploit on machines not
> connected to the domain where Domain Security policy doesn't flow down.
>
> What are other interesting and intriguing ways to present this problem? I
> also need a system to do Passwords Audit on my domain and make them 'secure
> password' policy compliant.
>
>




