... that someone pulled a power cord for only $10, or that the "Super
hacker" is a fraud ...
http://thedailywtf.com/Articles/The-Super-Hacker.aspx
On Wed, 30 Apr 2008 10:46:00 -0500, Mike Raiford <mra### [at] hotmailcom> wrote:
>... that someone pulled a power cord for only $10, or that the "Super
>hacker" is a fraud ...
>
It sounds like he found a valid vulnerability to me. Physically securing the hardware
is kind of important too.
Kyle wrote:
>
> It sounds like he found a valid vulnerability to me. Physically securing the
> hardware is kind of important too.
>
Security hole:
Trivially easy to bribe employees: Check.
Yes ... but, if the hacker didn't have access to the employees ...
BTW, would this be considered a denial of service attack?
Not worth $3500 to find that your employees can be bribed to unplug a
machine for $10, though.
Mike Raiford wrote:
> Not worth $3500 to find that your employees can be bribed to unplug a
> machine for $10, though.
Apparently in a recent experiment, 80% of office workers were
successfully bribed into handing over their password in exchange for a
free pen. [Yes, a cheap 20p pen that you could buy in a shop for 20p.]
What the report *doesn't* say is how many of the passwords thus
collected were actually _valid_. ;-) I like to believe that office
workers are actually that smart. You know, for my sanity...
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Orchid XP v8 wrote:
>
> Apparently in a recent experiment, 80% of office workers were
> successfully bribed into handing over their password in exchange for a
> free pen. [Yes, a cheap 20p pen that you could buy in a shop for 20p.]
>
Somebody offering me a free pen in exchange for a password is likely to
hear the words "Go to hell"
But, that's just me. :)
Orchid XP v8 wrote:
(Added)
Of course, my wife knows my passwords for the computer at home, so I
suppose I am susceptible to a social engineering attack, too .. :D
> "Go to hell"
Ah so that's your password?
On Wed, 30 Apr 2008 13:44:27 -0500, Mike Raiford
<mra### [at] hotmailcom> wrote:
>
>Somebody offering me a free pen in exchange for a password is likely to
>hear the words "Go to hell"
>
>But, that's just me. :)
And me ;)
--
Regards
Stephen
"Orchid XP v8" <voi### [at] devnull> wrote in message
news:4818b6ed$1@news.povray.org...
> What the report *doesn't* say is how many of the passwords thus
> collected were actually _valid_. ;-) I like to believe that office
> workers are actually that smart. You know, for my sanity...
A few years back, I did a test on password security for an app I was working
on. The data in the DB was very important and very sensitive. The type of
data that the competitor would love to see. (Mineral resource exploration
data)
I managed to gather 35% of the passwords with a dictionary hack, including
that of the chief geologist, and another 10% by wandering through the
offices upstairs, including that of the manager of the division.
Mike Raiford wrote:
>
> Somebody offering me a free pen in exchange for a password is likely to
> hear the words "Go to hell"
I'd give him/her a password. A real password, one that's so cryptic it
doesn't even match any system out there.
--
Eero "Aero" Ahonen
http://www.zbxt.net
aer### [at] removethiszbxtnetinvalid