To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.off-topic.geekOpen lugnet.off-topic.geek in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 Off-Topic / Geek / 2862
2861  |  2863
Subject: 
 Re: Security?
Newsgroups: 
 lugnet.off-topic.geek
Date: 
 Tue, 13 Mar 2001 14:20:24 GMT
Viewed: 
 167 times
  
Dave Schuler wrote:

Last week at my job I had the misfortune of attending a mandatory seminar on
Information Security, which amounted to little more than "don't leave
sensitive documents on the bus."  Through the course of it, though, the
lecturer discussed the various commonly-available software systems for
hammering through password protection, and he gave some time projections for
how long it would take to "guess" a certain type of password.
  That's all well and good, but it occurred to me that my system locks me
out if I botch my password three times, so why are these intruder programs
able to make millions of attempts with no problem?  More to the point, why
does my system bother to limit me to three tries, which in practice will
only result in inconvenience to me, since the interloper can apparently make
as many attempts as it wants?

First of all, a lot of systems don't lock out accounts, just because
they are misconfigured, or their admin doesn't realise the danger.
Also, remember that most password hacking will occure offline - the
intruder will somehow (and there are many possible ways), get a copy of
the system passwords, in encrypted form, then download it to his own box
and hammer at the file without alerting anyone...

Dan



Message has 1 Reply:
  Re: Security?
 
(...) Sure, but what's the point of disabling my system after my own bogus attempts? To date, the only one who's been kept out of my system for that reason is me! I mean, why set "3" as the magic number, if external, high-voulme attacks are the big (...) (24 years ago, 13-Mar-01, to lugnet.off-topic.geek)

Message is in Reply To:
  Security?
 
Last week at my job I had the misfortune of attending a mandatory seminar on Information Security, which amounted to little more than "don't leave sensitive documents on the bus." Through the course of it, though, the lecturer discussed the various (...) (24 years ago, 13-Mar-01, to lugnet.off-topic.geek)

8 Messages in This Thread:


Entire Thread on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact

This Message and its Replies on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact
    
Custom Search

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR