Full Disclosure mailing list archives

Re: RE: Linux (in)security


From: Thomas Binder <full-disclosure () arago de>
Date: Wed, 22 Oct 2003 17:39:18 +0200

Hi!

On Wed, Oct 22, 2003 at 09:12:12AM -0500, Schmehl, Paul L wrote:
> Now, lest you get your hopes up and think it's possible to
> change the world, read this:
>
> http://www.ukauthority.com/articles/story898.asp
>
> After reading this, I had a good cry and then took some aspirin.
> :-(

Of course, what they do not (and most likely cannot) mention is
how many of the passwords entered were just random keystrokes
instead of a real-world password.

In fact, I tend to advise people not to completely refuse giving
their password / PIN / etc. when asked for by someone, but to
reluctantly "disclose" something completely wrong. This way, the
attacker might think he's won and - depending on the attacked
system - effectively locks the account he wants to break into.


Ciao

Thomas


-- 
It is better to never have tried anything than to have tried something and
failed.
- motto of jerks, weenies and losers everywhere

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
