>> Especially when some stupid system forces you to change it every month.
>
> ...and this is bad because...?
You try coming up with a different strong password every month, *and*
remembering it without writing it down. I doubt I'm the only user of this
system who needs to write the password somewhere. I wonder if security
would actually be improved by removing the 1 month expiry.
On Fri, 04 Jul 2008 14:21:48 +0200, scott wrote:
>>> Especially when some stupid system forces you to change it every
>>> month.
>>
>> ...and this is bad because...?
>
> You try coming up with a different strong password every month, *and*
> remembering it without writing it down. I doubt I'm the only user of
> this system who needs to write the password somewhere. I wonder if
> security would actually be improved by removing the 1 month expiry.
There have been studies done that suggest that changes that are too
frequent reduce security for just this reason.
Jim
scott wrote:
> You try coming up with a different strong password every month, *and*
> remembering it without writing it down.
...I do this every month?
I mean, I guess it depends on how strong you consider to be "strong".
> I wonder if
> security would actually be improved by removing the 1 month expiry.
Perhaps making the expiry a little longer would help.
The idea of course is that the faster the password expires, the less
time a potential attacker has to try to crack your password. (And just
in case an attacker does eventually get your password, changing it puts
them back to square one.)
So I guess it's just a question of how long is "long enough".
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Jim Henderson wrote:
>
> On the flip side of that, it's the sysadmin's responsibility to act in a
> trustworthy way. I *always* had access to financial information, salary
> information, and the like, and I *never* *ever* abused my authority to
> see what my peers were making or find out how much the CEO was making. I
> honestly just didn't care - it's not as if knowing that is going to get
> me a raise anyways.
>
On a sysadmin job (or janitor, or any other really important
caretaker-job) there exists that little something called "work ethics".
> Jim
--
Eero "Aero" Ahonen
http://www.zbxt.net
aer### [at] removethis zbxt net invalid
Jim Henderson wrote:
> On Fri, 04 Jul 2008 12:06:01 +0100, Invisible wrote:
>
>> Worrying fact: 50% of the population has below-average intelligence.
>> (!!!)
So... If we have 4 men, with intelligences 1, 8, 9 and 9, the average is
(1+8+9+9)/4=6,75, so 75% of men are more intelligent than the average person
(who, if he existed, would be over 6 times as intelligent as the dumbest
one).
> LOL, but mathematically sound. More worrying is the 80% who think
> they're above average drivers.
Measuring a best driver is very relative. My opinion is that there's a
triangle, having endpoints of speed, economy and safety. If the car
won't move, you're safe and economic, but you're not getting anywhere.
If you'll take a risk, you'll lose safety and economy and gain speed.
And i.e. when overtaking someone, increasing speed might gain you safety,
but it'll reduce the economy. So basically you can't have 100% of all
three of them - increasing one decreases at least one other. People have
different *opinions* of what's the best placement on this map, i.e. what
combination of the three they are heading for, so it's very easy to
think that "I'm better than the average" for 80+%, since the goal is
different. Who's the best driver for some (good speed, high safety,
average economy for example) is the worst driver for some (who would
prefer great economy, average safety and average speed).
In my opinion, five nines of safety (99,999%), average economy and
good/stable speed is the best spot to go for. But that's my *opinion*,
not The Only Real Truth.
--
Eero "Aero" Ahonen
http://www.zbxt.net
aer### [at] removethis zbxt net invalid
>>> Worrying fact: 50% of the population has below-average intelligence.
>>> (!!!)
>
> So... If we have 4 men, with intelligences 1, 8, 9 and 9, the average is
> (1+8+9+9)/4=6,75, so 75% of men are more intelligent than the average person
> (who, if he existed, would be over 6 times as intelligent as the dumbest
> one).
Sure. And nobody actually has 4.2 children. But that doesn't mean it's
not a meaningful concept.
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
"Jim Henderson" <nos### [at] nospam com> wrote in message
news:486deaf7$1@news.povray.org...
> On Fri, 04 Jul 2008 09:03:49 +0100, Invisible wrote:
>
> > Er... like, WTF?
>
> That said, there are ways, for example, to prevent a sysadmin from seeing
> files in a filesystem.
And there are ways (at least in SQL Server) to keep the windows sysadmins
out of a database, however you can't stop them shutting down the service and
taking the data files or changing the passwords of the accounts that do have
sysadmin rights.
We've done that as a standard across the organisation, along with ensuring
that the database administrators don't have administrative rights to the OS.
Gail Shaw wrote:
> I was in a training course once with a whole bunch of sysadmins (windows
> server 2003) and while the instructor was out of the room, one was boasting
> that he could surf any website regardless of the company's internet usage
> policy and he would never get caught.
Whereas the response in one company I was at towards the sysadmin was
"if you're going to surf porn at work, either face the door or close the
door. Otherwise we get complaints." :-)
--
Darren New / San Diego, CA, USA (PST)
Helpful housekeeping hints:
Check your feather pillows for holes
before putting them in the washing machine.
Invisible wrote:
> What I suspect happens is that it's actually asymmetrically encrypted,
> and the decryption key is encrypted with your login password. That means
> if you change your login password, you gotta change one thing - the
> encrypted decryption key - and all your stuff is still accessible.
Yes.
>> Even if the admin can remotely log in, they won't be able to read your
>> encrypted files unless they somehow get your password.
Or they set up an escrow key.
--
Darren New / San Diego, CA, USA (PST)
Helpful housekeeping hints:
Check your feather pillows for holes
before putting them in the washing machine.
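The layering Invisible describes and Darren confirms (a per-file key, wrapped under something derived from the login password, with an optional escrow copy for a recovery agent) is worth seeing end to end, because the whole point is what a password change does and does not touch. The following is an added example written for this thread, not code from any poster or from Windows EFS: it keeps to the Python standard library, so it uses PBKDF2 plus an HMAC-SHA256 counter-mode keystream as a stand-in for the real AES and RSA primitives, and wraps the file key symmetrically rather than with the per-user RSA keypair EFS actually uses. The record layout, the names `encrypt_file`, `wrap_fek`, `change_password` and the holder names `user` and `escrow` are all this example's own.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Toy construction for illustration only (assumption: a stdlib-only stand-in for the
# AES/RSA layering described in the thread). Not a production cipher.


def kdf(password: str, salt: bytes) -> bytes:
    """Derive a 32-byte key-encryption key (KEK) from the login password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 in counter mode as a keystream; XOR is its own inverse."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def wrap_fek(fek: bytes, password: str) -> dict:
    """Seal the file key under a password-derived KEK; the tag makes a wrong password detectable."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    kek = kdf(password, salt)
    blob = keystream_xor(kek, nonce, fek)
    tag = hmac.new(kek, nonce + blob, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "blob": blob, "tag": tag}


def unwrap_fek(wrapped: dict, password: str) -> bytes:
    kek = kdf(password, wrapped["salt"])
    expected = hmac.new(kek, wrapped["nonce"] + wrapped["blob"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, wrapped["tag"]):
        raise ValueError("wrong password: file key stays sealed")
    return keystream_xor(kek, wrapped["nonce"], wrapped["blob"])


def encrypt_file(plaintext: bytes, user_password: str, escrow_password: Optional[str] = None) -> dict:
    """One random file key (FEK) per file; the FEK is stored only in wrapped form, once per holder."""
    fek, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    record = {"nonce": nonce, "ct": keystream_xor(fek, nonce, plaintext),
              "wraps": {"user": wrap_fek(fek, user_password)}}
    if escrow_password is not None:  # the recovery-agent copy an admin can set up
        record["wraps"]["escrow"] = wrap_fek(fek, escrow_password)
    return record


def decrypt_file(record: dict, holder: str, password: str) -> bytes:
    fek = unwrap_fek(record["wraps"][holder], password)
    return keystream_xor(fek, record["nonce"], record["ct"])


def can_decrypt(record: dict, holder: str, password: str) -> bool:
    try:
        decrypt_file(record, holder, password)
        return True
    except (ValueError, KeyError):
        return False


def change_password(record: dict, holder: str, old_password: str, new_password: str) -> None:
    """Re-wrap only the FEK; the file ciphertext itself is never touched or re-encrypted."""
    fek = unwrap_fek(record["wraps"][holder], old_password)
    record["wraps"][holder] = wrap_fek(fek, new_password)


if __name__ == "__main__":
    rec = encrypt_file(b"salary spreadsheet contents", "hunter2!", escrow_password="recovery-agent-secret")
    change_password(rec, "user", "hunter2!", "correct horse battery")
    print(decrypt_file(rec, "user", "correct horse battery"))
    print(can_decrypt(rec, "user", "hunter2!"))  # False: the old password no longer unwraps
    print(decrypt_file(rec, "escrow", "recovery-agent-secret"))
```

Two things to notice when running it: `change_password` leaves `record["ct"]` byte-for-byte identical, which is exactly why a password reset is cheap, and without an `escrow` wrap an administrator who resets the user's password from outside (rather than changing it with the old one in hand) has no way to recover the file key at all, which is why real deployments add the recovery agent up front.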
Jim Henderson wrote:
> On Fri, 04 Jul 2008 12:03:55 +0100, Invisible wrote:
>
>>>> a kernel-level debugger can see every octet of data in the machine's
>>>> main RAM and swap file.
>>> Hmmm, so you've reversed your opinion on whether or not a memory dump
>>> is useful? ;-) <scnr>
>> Useful for trying to grab somebody's credit card number? Absolutely!
>
> And how exactly do you propose to do that?
It's pretty trivial, really. Scan thru memory looking for 16 digits
that match the LUHN 10 algorithm. That's what CardShark (FV's sample
"encryption isn't good enough" program) did, in essence.
--
Darren New / San Diego, CA, USA (PST)
Helpful housekeeping hints:
Check your feather pillows for holes
before putting them in the washing machine.
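The Luhn scan Darren mentions is also the standard check defenders run against their own heap dumps, core files and logs to confirm that card numbers were scrubbed after use, so it is worth having in a form that can be pointed at a buffer. The following is an added example written for this thread, not code from CardShark, FV or any poster: `SAMPLE_DUMP` is a constructed byte string standing in for a memory dump, and the function names `find_card_like` and `redact` are this example's own. It finds isolated 16-digit runs that pass the mod-10 check, reports them masked, and shows the buffer coming back clean once those bytes are overwritten.

```python
import re

# Constructed sample standing in for a process memory dump (not a real capture). The first
# number is the widely published Visa test PAN 4111111111111111, which passes Luhn; the
# second differs in its last digit and fails; the 17-digit "phone" must not match at all.
SAMPLE_DUMP = (
    b"\x00\x00user=alice\x00card=4111111111111111\x00exp=12/29\x00"
    b"junk=4111111111111112\x00phone=12345678901234567\x00"
)

_RUN16 = re.compile(rb"(?<!\d)\d{16}(?!\d)")  # exactly 16 digits, not part of a longer run


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check: from the right, double every second digit, fold >9 back to one digit."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_card_like(buf: bytes) -> list:
    """Offsets of 16-digit runs that pass Luhn, reported masked (last four digits only)."""
    hits = []
    for m in _RUN16.finditer(buf):
        run = m.group().decode("ascii")
        if luhn_ok(run):
            hits.append((m.start(), "*" * 12 + run[-4:]))
    return hits


def redact(buf: bytes) -> bytes:
    """Overwrite each hit with zero bytes, as a scrubbing routine would, and return the new buffer."""
    out = bytearray(buf)
    for offset, _ in find_card_like(buf):
        out[offset:offset + 16] = b"\x00" * 16
    return bytes(out)


if __name__ == "__main__":
    for offset, masked in find_card_like(SAMPLE_DUMP):
        print(f"offset {offset}: {masked}")
    print(find_card_like(redact(SAMPLE_DUMP)))  # [] once scrubbed
```

The regex's lookarounds matter: without them a 17-digit phone number yields two overlapping 16-digit windows, and roughly one in ten random digit runs passes Luhn by chance, so expect false positives on any large dump and treat a hit as something to investigate rather than proof of a leak. The masking in the report is deliberate, so the scan output itself does not become another place the full number lives.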