Open Source and information security mailing list archives
 
Message-ID: <20031022153918.GA615931@ohm.arago.de>
From: full-disclosure at arago.de (Thomas Binder)
Subject: RE: Linux (in)security

Hi!

On Wed, Oct 22, 2003 at 09:12:12AM -0500, Schmehl, Paul L wrote:
> Now, lest you get your hopes up and think it's possible to
> change the world, read this:
> 
> http://www.ukauthority.com/articles/story898.asp
> 
> After reading this, I had a good cry and then took some aspirin.
> :-(

Of course, what they do not (and most likely cannot) mention is
how many of the passwords entered were just random keystrokes
instead of a real-world password.

In fact, I tend to advise people not to completely refuse giving
their password / PIN / etc. when asked for by someone, but to
reluctantly "disclose" something completely wrong. This way, the
attacker might think he's won and - depending on the attacked
system - effectively locks the account he wants to break into.


Ciao

Thomas


-- 
It is better to never have tried anything than to have tried something and
failed.
- motto of jerks, weenies and losers everywhere

