Educause Security Discussion mailing list archives
Re: Passwords & Passphrases
From: Bob Bayn <Bob.Bayn () USU EDU>
Date: Mon, 19 Nov 2007 19:06:53 -0700
--- Begin Message ---Gene spafford wrote from Purdue:I track these things, and I cannot recall the last time I saw any report of an incident caused by a guessed password. Most common incidents are phishing, trojans, snooping, physical theft of sensitive media, and remote exploitation of bugs.What finally prompted us to get off our "any 4 or more characters" butts was dictionary attacks that were hitting our proxy server and VPN server from Chinese IP addresses. Once past our firewall through proxy or VPN they are able to snoop our network from inside probing machines undetected, and do unappreciated things like download subscription databases from the library until the provider got suspicious of the traffic. That doesn't leave me feeling like I'm just pretending to provide security by doing something easy that looks important. We still deal with phishing, trojans and all manner of scanning probes for vulnerabilities and all those things that make us feel like we really are earning our paycheck. Bob Utah State University
--- End Message ---
Current thread:
- Re: Passwords & Passphrases, (continued)
- Re: Passwords & Passphrases Roger Safian (Nov 19)
- Re: Passwords & Passphrases Roger Safian (Nov 19)
- Re: Passwords & Passphrases Harold Winshel (Nov 19)
- Re: Passwords & Passphrases Steven Alexander (Nov 19)
- Re: Passwords & Passphrases Alex (Nov 19)
- Re: Passwords & Passphrases Harold Winshel (Nov 19)
- Re: Passwords & Passphrases Harold Winshel (Nov 19)
- Re: Passwords & Passphrases Peters, Kevin (Nov 19)
- Re: Passwords & Passphrases Gene Spafford (Nov 19)
- Re: Passwords & Passphrases Peters, Kevin (Nov 19)
- Re: Passwords & Passphrases Bob Bayn (Nov 19)
- Re: Passwords & Passphrases Gene Spafford (Nov 19)
- Re: Passwords & Passphrases Mike Iglesias (Nov 19)
- Re: Passwords & Passphrases Benjamin Bennett (Nov 19)
- Re: Passwords & Passphrases Eric Case (Nov 19)
- Re: Passwords & Passphrases Harold Winshel (Nov 20)
- Re: Passwords & Passphrases Gary Dobbins (Nov 20)
- Re: Passwords & Passphrases Peters, Kevin (Nov 20)
- Re: Passwords & Passphrases Mike Porter (Nov 20)
- Re: Passwords & Passphrases Willis Marti (Nov 20)
- Re: Passwords & Passphrases Bob Bayn (Nov 20)
(Thread continues...)