Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Password Cracking & Consequences

From: James Riden <j.riden () MASSEY AC NZ>
Date: Fri, 27 Aug 2004 12:38:10 +1200
Scott Bradner <sob () HARVARD EDU> writes:


what is the threat model that leads to teh IT department cracking passwords?

For one: http://www.k-otik.com/exploits/08202004.brutessh2.c.php


why is this not countered by having lockout on failed login attempts?


It is, but in my case, I'm worrying about systems I don't have direct
control over, where as I can do things about people's passwords.

--
James Riden / j.riden () massey ac nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
Previous By Date Next
Previous By Thread Next

Current thread: