Educause Security Discussion mailing list archives
Re: Password Cracking & Consequences
From: Justin Azoff <JAzoff () UAMAIL ALBANY EDU>
Date: Fri, 27 Aug 2004 12:52:55 -0400
Michael Mills wrote:
Actually is does matter. If the IT staff "Cracks" users accounts then the IT staff can log on as that user and do as they wish (any department for that matter). However if that same IT person changes that users password and then logs on as that person, an audit trail is created. Even if that IT user would delete that audit trail, that deletion would show up in the audit trail. So again, I stress the point that under no circumstances should ANYONE know ANYONE else's password, weather it is by "cracking" or by asking someone their password.
Are you aware that there is a program called "su" in unix, and windows has "Run as..."? What about adding their ssh key to ~user/.ssh/authorized_keys and then logging in as them over the network, no password required? If someone on the IT staff wanted to do something on a users account they do not need to know the users password. Cracking a users password is not about knowing their password, it is about knowing that they have a weak password. -- -- Justin Azoff -- Network Performance Analyst ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Re: Password Cracking & Consequences, (continued)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Lucas, Bryan (Aug 27)
- Re: Password Cracking & Consequences Justin Azoff (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
- Re: Password Cracking & Consequences Christian Wilson (Aug 27)
- Re: Password Cracking & Consequences Theresa M Rowe (Aug 27)
- Re: Password Cracking & Consequences Theresa M Rowe (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Eric Pancer (Aug 27)
- Re: Password Cracking & Consequences Christian Wilson (Aug 27)
- Re: Password Cracking & Consequences Justin Azoff (Aug 27)
- Re: Password Cracking & Consequences Scott Bradner (Aug 27)
- Re: Password Cracking & Consequences Scott Bradner (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
- Re: Password Cracking & Consequences Scott Bradner (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
- Re: Password Cracking & Consequences Mike Austin (Aug 27)
- Re: Password Cracking & Consequences Davis, Thomas R. (Aug 27)
(Thread continues...)