on 16/7/02 00:58, Philip Stortz at [EMAIL PROTECTED] wrote: > as has been demonstrated many times, the use of poorly chosen passwords > can weaken any security system, and this almost always happens with > large corporate systems. there are always users who find passwords a > pain and fail to choose them well or to change them often, or even to > safe guard them. people often write down their passwords, creating a > situation where loss of physical security of a piece of paper (which may > be in their wallet they carry home, or taped to a writing table where > cleaning personnel can find it and use it). humans are usually if not > always the weakest link of any security system, we are fallible, and > some of us are careless or sloppy due to arrogance, or subject to black mail.
The funny thing is that most places encourage you to *write your password down". I find passwords a pain in the ass usually and have two that I use for my public accounts (the ones that I couldn't care one iota if someone were to crack). All these damn data-mining efforts of websites really is starting to get annoying -- want the information, give us an e-mail address and make an account with a password. I couldn't really care one iota about security on these sites so I just make something up, promptly forget it, and re-register with a different address and different fake information (Donald Duck must be a very common name on the web because I can't use it very frequently) if the cookies ever expire (I will under no circumstances give a web site *real* information -- it's not like we can trust them to safeguard our information). > the info on the kremlin is interesting, it's an example of multiple > layers, fortunately the hackers weren't able to overcome the language > barrier, which was only an accidental protection mechanism. crime is > often thwarted by simple or accidental circumstances, but it's hardly a > reliable safeguard. I don't think it was multiple layers -- it was a case of the hack wouldn't have worked anyway because the Cyrillic alphabet requires the use of 16 bit characters and the hack exploited an 8bit vulnerability. The explanation was provided by the admin for the website on one of Wired's user-feedback pages (What's your beef or something like that). Eric. -- G-List is sponsored by <http://lowendmac.com/> and... Small Dog Electronics http://www.smalldog.com | Refurbished Drives | -- We have Apple Refurbished Monitors in stock! | & CDRWs on Sale! | Support Low End Mac <http://lowendmac.com/lists/support.html> G-List list info: <http://lowendmac.com/lists/g-list.shtml> Send list messages to: <mailto:[EMAIL PROTECTED]> To unsubscribe, email: <mailto:[EMAIL PROTECTED]> For digest mode, email: <mailto:[EMAIL PROTECTED]> Subscription questions: <mailto:[EMAIL PROTECTED]> Archive: <http://www.mail-archive.com/g-list%40mail.maclaunch.com/> Using a Macintosh? Get free email and more at Applelinks! <http://www.applelinks.com>
