Re: [Full-Disclosure] RE: Linux (in)security
- To: full-disclosure@lists.netsys.com
- Subject: Re: [Full-Disclosure] RE: Linux (in)security
- From: Thomas Binder <full-disclosure@arago.de>
- Date: Wed, 22 Oct 2003 17:39:18 +0200
Hi!
On Wed, Oct 22, 2003 at 09:12:12AM -0500, Schmehl, Paul L wrote:
> Now, lest you get your hopes up and think it's possible to
> change the world, read this:
>
> http://www.ukauthority.com/articles/story898.asp
>
> After reading this, I had a good cry and then took some aspirin.
> :-(
Of course, what they do not (and most likely cannot) mention is
how many of the passwords entered were just random keystrokes
instead of a real-world password.
In fact, I tend to advise people not to completely refuse giving
their password / PIN / etc. when asked for by someone, but to
reluctantly "disclose" something completely wrong. This way, the
attacker might think he's won and - depending on the attacked
system - effectively locks the account he wants to break into.
Ciao
Thomas
--
It is better to never have tried anything than to have tried something and
failed.
- motto of jerks, weenies and losers everywhere