On Mon, 15 Oct 2007 12:30:42 -0400, Warp wrote:
> Jim Henderson <nos### [at] nospamcom> wrote:
>> We could do terminal server - how about just dumb terminals?
>
> VT100 rules.
>
> (Ok, I have never actually used a VT100 terminal. I have used a VT220
> one, though. Back then it was enough to do everything you had to do... :) )

I think I have used a VT100 terminal. Orange phosphor type screen, IIRC. :-)
Jim
>> But even more significantly, social engineering attacks lead to more
>> compromise of data than any technical hacking does.
>
> I read recently about a test they did somewhere (I don't remember if
> it was done in Finland or the US). It's surprising how many people will
> write their account name and password on a paper questionnaire simply
> because the questionnaire asks for them.
Yep, but even worse than that is that help desk personnel will tend to
reset passwords for anyone who says they are the person calling in.
Call one:
"Hi, I'm Joe Smith, and I can't seem to get in with my username - isn't
it jsmith?"
"No, it's johnsmith, no spaces, all lowercase."
"Huh, I could've sworn it was jsmith, must've been thinking about a
different system. I'm in now, thanks!"
Followed by a second call to a different tech:
"Hi, I'm Joe Smith, just got back from vacation and I've forgotten my
password, can you reset it for me?"
"Sure, no problem - it's now 'password', and you'll be forced to change
it on your next login."
"Thanks, appreciate it."
Jim