lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <43C7EE68.8000907@pdx.edu>
Date: Fri Jan 13 18:16:17 2006
From: piercede at pdx.edu (Dean Pierce)
Subject: What is the ulitmate vulnerability ?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Why require passwords?  It's trivial for a malicious user to bypass it,
and inconvenient for the legitimate user at the Denny's across the
street that just wants to check their email.  Of course if you are
sending customer information, or any other sensitive data, the
information should be encrypted (or better yet, not in the air at all).

If an admin doesn't want anyone on their network, then it's their right
to disable it, but I would hardly call offering free Internet a
"security hole".

   - DEAN

K Tucker wrote:
> I know we all get so exited about some very complex
> and ingenious hack, but sometimes the most simple
> thing can be the biggest problem. So many hotels are
> offering wireless network that beams out all over the
> premises and even out to their parking lot. I am
> surprised how many don't even require a password to
> log on. It is so easy for some teenager that want to
> be the "evil genius hacker" to sit in the parking lot
> and do whatever he likes and be untraceable unless you
> physically catch him in the process. As an Admin I am
> tracing more and more hacks from such locations.
> Whenever I stay at a hotel that has easy access
> wireless, I am taking the time to speak to the
> managers and have had some success in getting them to
> secure things up a little. Of course even the best
> protection in such an environment is not an end all,
> but at least it keeps some of the script kiddies from
> doing harm. I would encourage any Admin that reads
> this to take up the same practice. Thanks
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2-ecc0.1.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBQ8fuaERnSRvFqE8oAQp4DQ//ZrnEcAkSf9jyWRcrENe0tCQpXpY8rr6N
BzZ1ay+WCKpI+ak1C5e3Qf8JaM+7BvYFaLvGobr2NZgvPzc9ExIjcI1iyRJ5eUe4
OZyWTiDpja64UWF6D0NweoqBNL4tcEFk8KcBNgcKwAqlSRGzi4aEya8+DDvGRaq8
NmQNP2pQ1g2O1qPq/mfkxNs4XgUSJyX5LcxRS03evRKaz6n2q7Zirv6KuOjpm8ky
OQVcqkaSd/nOYaAWgtJ7YVoNp7UD42iQIepcoFKD6pMfCn3iS74fKq9IzTxPFDK8
z746lHMRGHvx+3hekTkbUOEeGGp5aDUXxMqN+GUFdoCuqekgV3F3Ue1xdTI3k+dn
o018Gv9zKLf49OvlBBV96yI9Pm2PBi3/31rR+DId19uDPW/OmVDIVlwXoodVbfJp
I1+w6DWjhVYNhN2zzVQoTvMH9cp3VF5GtPvmHigj8RkmRV/pCgOMf2SztG4n7GLr
IUZkmjLXAg60SwTBCSmYpSBhWFotOhB2z3v+yCMEEOrE7TD2znSyAJssv9zysux/
lj0pCxElvXvdG8BOUXyPAZS4ITDf0W/L08rTSSOU8tiNdmjhlpvr+sbUC7Mqm6ez
rD58Vz6Btr187XJS97Eb1I18ZMKIbUXYczoQcPU0SFJJ7oOWQbVXp5pzhC6zMBc3
qhqckzFyCSc=
=zFiF
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ