Twitter hacked again
-
Re: Twitter hacked again
Stop hackers!!! there's no stopping us, didn't you know that.
We can launch nuclear missiles over the phone with a Captain Crunch kazoo.
Yes I couldn't agree with you more. Someone needs to be watching the store. Vigilance perhaps above all things is a security professional's greatest tool.
xor
Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.
-
Saving the world one computer at a time...
or possibly destroying, I haven't figured that out yet.
-
Re: Twitter hacked again
Actually, that's the kind of password that I suggest to my client's users. Take a phrase that is familiar to them from a hobby, book, or favorite line from TV or movie. Run it all together, and throw in a few numbers or other characters.
That gives them something that is complex, yet they should be able to recall relatively easily.
A couple of examples, from a Casablanca fan:
r1cksCAFEamerican
Every1Comes2Ricks
M4jorStr4sserHasBeenSh0t&RoundUpTheUsualSuspects
Louis1ThinkThisIsTheBeginningOfABe4utifulFriend-ship
It doesn't always work though, as I still find Post-It notes with passwords under keyboards.
Anything that gives HR people ulcers can't be all bad.
Thorn
"If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird
-
Re: Twitter hacked again
Nope, it's the exit line from Casablanca: Rick Blaine (Humphrey Bogart) says it to Prefect of Police Louis Renault (Claude Rains): "Louis, I think this is the beginning of a beautiful friendship."
Louis is French, and it is pronounced "loo ee".
Thorn
"If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird
-
Re: Twitter hacked again
sigh..
So in mentioning superman, it reminded me that the last time I ran a DoD audit about 12% of the passwords were some form of "superman". Strangely, nobody had a password called "overbearingego" or "napoleoncomplex".
But that was a few years ago, maybe they have moved on to transformers underwear now.
----------------------------------------
Fraternal Order of Locksport
-
Re: Twitter hacked again
Passwords are a problem people try to tackle from the wrong place. You can force people to do all sorts of god awful things to make it "more secure" but you will find that people will just find another way of compromising their security. I think the situation needs to be tackled on 2 fronts.
Firstly making sure techs don't do stupid things. Max password limits of 8? Fuck off (note: sorry for swearing but this is a stupid limit), it's 2009 and we only have the computing capacity to handle the computation of 8 character passwords?
Secondly I do think good password creation should be taught in schools. I did a general computing course in school and it taught me endless useless things that I will never need but we can't add a module on good security practices and password creation?
-
Re: Twitter hacked again
The military pretty much guarantees that people will write down their passwords. Greater than 8 characters, has to have a capital, punctuation, and number. Can't be any part of your name or social. Gets changed every 60 days and you can't use the last 35 passwords over. It also won't let you just add a letter/number to the last password.
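The rule set described in the post above, sketched as a password-change check (an added example, not part of the thread and not any real military system; the function names, the PBKDF2 parameters and the one-edit similarity test are assumptions). The history rule works on stored hashes, while the "can't just add a letter/number" rule needs the current password in plaintext, which is only available at the moment the user changes it.

```python
import hashlib
import hmac
import os
import string

HISTORY_DEPTH = 35      # "can't use the last 35 passwords"
ITERATIONS = 100_000    # assumed PBKDF2 work factor for this sketch

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def remember(history, password):
    """Store a salted hash and keep only the newest HISTORY_DEPTH entries."""
    salt = os.urandom(16)
    history.append((salt, _hash(password, salt)))
    del history[:-HISTORY_DEPTH]

def _within_one_edit(a, b):
    """True if a and b differ by at most one added, removed or changed character."""
    if abs(len(a) - len(b)) > 1:
        return False
    i = 0
    while i < min(len(a), len(b)) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]
    longer, shorter = (a, b) if len(a) > len(b) else (b, a)
    return longer[i + 1:] == shorter[i:]

def violations(new, current, name_parts, history):
    """Return the rules from the post that the candidate password breaks."""
    out = []
    if len(new) <= 8:                                   # "greater than 8 characters"
        out.append("length")
    if not any(c.isupper() for c in new):
        out.append("capital")
    if not any(c in string.punctuation for c in new):
        out.append("punctuation")
    if not any(c.isdigit() for c in new):
        out.append("number")
    if any(p and p.lower() in new.lower() for p in name_parts):
        out.append("name")
    if any(hmac.compare_digest(_hash(new, s), h) for s, h in history):
        out.append("history")
    if _within_one_edit(current.lower(), new.lower()):  # needs plaintext of current
        out.append("increment")
    return out
```

Run against the Casablanca passphrases quoted earlier in the thread, `r1cksCAFEamerican` is rejected for lacking punctuation, which shows how a composition policy like this one can turn away a long passphrase.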
-
Re: Twitter hacked again
I think the primary focus here shouldn't really be twitter getting 'hacked' since it really wasn't per se. It was more of a good social engineering attack against one of their people and the lax way that YahooMail handles password resets.
Obviously the guy was an idiot for storing his twitter password in his yahoo mail account. But at the same time, it would appear that Yahoo needs to take a serious look at their own system for password changes. Obviously they shouldn't be using password reminder questions that are so easily guessed or researched. My bank has some interesting questions that they use for authentication. Two that I can recall are "Name of first girlfriend/boyfriend" and "Maternal Grandmother's first name." Both of which would be very difficult to research.
Of course, it would be wise to make the answers to those questions just as complex as your password, so even if someone did happen to find the answer, they wouldn't know how you entered it.
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
-
Re: Twitter hacked again
Exactly. One doesn't need to go as far as a 20+ digit alphanumeric string with a couple of symbols tossed in for "what's your father's middle name?" Something as simple as intentionally mis-spelling the answer, dicking with capitalization, or using a relatively simple string that you're reminded of would generally suffice. Alas, that's about as common a practice as using a solid password in the first place. No matter what training and scolding you give the masses, you will still find pet's names with a zip code tossed after it, passwords emailed to one's self, and Post-its stuck to a variety of objects near workstations, and my personal favorite, taped to laptop palm-rests. It's a never ending battle.
On a separate note, Xor: "sex"? Really? Come on, everyone knows real men use "god".
"You have cubed asscheeks?"... "Do you not?"