[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20031022153918.GA615931@ohm.arago.de>
From: full-disclosure at arago.de (Thomas Binder)
Subject: RE: Linux (in)security
Hi!
On Wed, Oct 22, 2003 at 09:12:12AM -0500, Schmehl, Paul L wrote:
> Now, lest you get your hopes up and think it's possible to
> change the world, read this:
>
> http://www.ukauthority.com/articles/story898.asp
>
> After reading this, I had a good cry and then took some aspirin.
> :-(
Of course, what they do not (and most likely cannot) mention is
how many of the passwords entered where just random keystrokes
instead of a real world password.
In fact, I tend to advise people not to completely refuse giving
their password / PIN / etc. when asked for by someone, but to
reluctantly "disclose" something completely wrong. This way, the
attacker might think he's won and - depending on the attacked
system - effectively locks the account he wants to break into.
Ciao
Thomas
--
It is better to never have tried anything than to have tried something and
failed.
- motto of jerks, weenies and losers everywhere
Powered by blists - more mailing lists