|
ring ring ..
"Hello I'm John CrazyHorse from the special security detail can I check your details for an investigation we are doing for your employer."
Actually hacking a network from the outside is quite difficult in comparisson.
I know a lot of IT departments spend small fortunes on techo stuff, when they should be training employees on the basics.
Regardz
Colin J Davies
Sonork ID 100.9197:Colin
More about me
|
|
|
|
|
Colin Davies wrote:
when they should be training employees on the basics
You mean the infamous don't be dumb course?
Cheers,
Simon
"Every good work of software starts by scratching a developer's personal itch.", Eric S. Raymond
|
|
|
|
|
SimonS wrote:
You mean the infamous don't be dumb course?
Very Similar.
I think thats the idea. I'm often amazed by say a secratary who has used MS-Word for several years but can't send an email.
Regardz
Colin J Davies
Sonork ID 100.9197:Colin
More about me
|
|
|
|
|
Or just take their post-it note pad away from them..
Alice thought that running very fast for a long time would get you to somewhere else. " A very slow kind of country!" said the queen. "Now, here , you see, it takes all the running you can do, to keep in the same place".
|
|
|
|
|
So, errr... what is your password, I forgot?
Philip Patrick
Web-site: www.stpworks.com
"Two beer or not two beer?" Shakesbeer
Need Web-based database administrator? You already have it!
|
|
|
|
|
I have a problems with use of the high security password setup - trying to remember "45lkjfr8o7fw8o734iHoUUufriufds87r4" as my password is a little more than difficult.
Stopping people using password01, password02, password03, password04 etc is reasonable.
Alice thought that running very fast for a long time would get you to somewhere else. " A very slow kind of country!" said the queen. "Now, here , you see, it takes all the running you can do, to keep in the same place".
|
|
|
|
|
yup, the user is the weakest link.
But why shouldn't they? They are asked to use passwords they can't possibly remember, to use different passwords everywhere, to have them handy any time they might need it, but don't have them jotted down under their keyboard?
Sounds silly.
It's hard to scratch your ass when you sit on it. [sighist]
|
|
|
|
|
Those are very good points. I would add also poor network management and limitations of certain popular operating systems. Consider the likelyhood that, within a group of workers, each will occasionally need access to the others' machines:
Ideally, they would log on under their own names, using their own passwords, and be restricted from accessing files the machine's owner considers private. A machine on the network should be no more and no less safe than a machine not on the network.
In reality, the users would probably end up either needing an account on each machine, or learning each other's passwords. Consider which one is quicker to accomplish.
peterchen wrote:
[sighist]
Nice!
--------
A common man's understanding of science. Not a normal common man's of course. A very smart common man's. -- Nish, on Science Writing
|
|
|
|
|
Shog9 wrote:
In reality, the users would probably end up either needing an account on each machine, or learning each other's passwords. Consider which one is quicker to accomplish.
So someone needs to invent a keyboard which will detect your fingerprints while you type and if you are not the right person it will send many volts of electricity through your fingertips.
-Jack
To an optimist the glass is half full.
To a pessimist the glass is half empty.
To a programmer the glass is twice as big as it needs to be.
|
|
|
|
|
Ahhh Star Trek...
with the famous 20000V exploding keyboards!
I love those - gotta get me one.
Dave Huff
Igor would you give me a hand with the bags?
Certainly - you take the blonde and I'll take the one in the turban!
|
|
|
|
|
When you put it like that, it sounds hard for users.
Maybe something should be changed.
Regardz
Colin J Davies
Sonork ID 100.9197:Colin
More about me
|
|
|
|
|
Smart cards are a good idea.. but then again, they can be stolen, lost, left behind, etc. But c'mon guys, security, privacy, who needs them anyways?
|
|
|
|
|
I tend to agree, but when security is needed in an app it is often not a matter of passwords/permissions, it is a need for auditing what users do.
Most apps I have seen do no user auditing at all.
|
|
|
|
|
I was the first one
I vote pro drink
|
|
|
|
|
I think Nish's disease is spreading rapidly
|
|
|
|
|
Rama Krishna wrote:
I think Nish's disease is spreading rapidly
Care to team up for a neutraliser virus? I am thinking along the lines of shock treatment, i.e. black listing Victims on worldwide ISPs or an EMP blast in and around their computer equipment.
Of course you were second to post... wOOt! Well done, have a noddy badge.
regards,
Paul Watson
Bluegrass
Cape Town, South Africa
The greatest thing you'll ever learn is just to love, and to be loved in return - Moulin Rouge
Tim Smith wrote:
Over here in the third world of humor (a.k.a. BBC America),
peterchen wrote:
We should petition microsoft to a "target=_Paul" attribute.
|
|
|
|
|
Try the UK MMR jab - that tends to neutralise lots (allegedly).
Sorry guys it's been on my mind recently.
Alice thought that running very fast for a long time would get you to somewhere else. " A very slow kind of country!" said the queen. "Now, here , you see, it takes all the running you can do, to keep in the same place".
|
|
|
|