Only for Chuck Norris. On Thu, Mar 15, 2012 at 7:51 PM, Mack Bolan <mack.bola...@gmail.com> wrote:
> So that makes sticky notes ok? > > Mack S. Bolan > > > > On Thu, Mar 15, 2012 at 5:43 PM, Kurt Buff <kurt.b...@gmail.com> wrote: > >> Perhaps you might want to rethink your threat model: >> >> http://www.darkreading.com/database-security/167901020/security/attacks-breaches/232601717/new- >> verizon-breach-data-shows-outside-threat-dominated-2011.html >> >> On Thu, Mar 15, 2012 at 13:50, Doug Hampshire <dhampsh...@gmail.com>wrote: >> >>> Are you sure about that? The vast majority of security incidents happen >>> on the inside of your network from known individuals. Also it was >>> addressing offline brute force attacks. Most online systems have lockout >>> policies and other countermeasures to limit exposure to brute force >>> attacks. >>> >>> On Thu, Mar 15, 2012 at 2:49 PM, Crawford, Scott >>> <crawfo...@evangel.edu>wrote: >>> >>>> I'd rather have "good" passwords written down on a sticky note >>>> accessible only to a limited number of coworkers than "bad" passwords that >>>> can be exploited by any black-hat on the internet. >>>> >>>> Sent from my Windows Phone >>>> ------------------------------ >>>> From: Heaton, Joseph@DFG >>>> Sent: 3/15/2012 11:07 AM >>>> To: NT System Admin Issues >>>> Subject: RE: Worth some consideration... >>>> >>>> >>>> Wait… I’m NOT supposed to write my password on a sticky note? How am >>>> I supposed to let my coworker use my login, then? >>>> >>>> >>>> >>>> Joe Heaton >>>> >>>> ITB – Windows Server Support >>>> >>>> >>>> >>>> *From:* Andrew S. Baker [mailto:asbz...@gmail.com] >>>> *Sent:* Thursday, March 15, 2012 7:49 AM >>>> *To:* Heaton, Joseph@DFG; NT System Admin Issues >>>> *Subject:* Re: Worth some consideration... >>>> >>>> >>>> >>>> That's an implementation problem. >>>> >>>> >>>> >>>> If I choose a passphrase of "Mary had a little lamb" then of course >>>> that will be relatively weak as passphrases go. That that is not an >>>> inherent weakness of passphrases, but of people. >>>> >>>> >>>> >>>> Lots of things are undermined by poor choices. Completely random 20 >>>> character passwords with a unicode character set are undermined by having >>>> them posted on sticky notes. >>>> >>>> >>>> >>>> We didn't need a whole article to point that out. >>>> >>>> >>>> >>>> *ASB* >>>> >>>> *http://XeeMe.com/AndrewBaker* >>>> >>>> *Harnessing the Advantages of Technology for the SMB market…* >>>> >>>> >>>> >>>> On Thu, Mar 15, 2012 at 10:12 AM, Kurt Buff <kurt.b...@gmail.com> >>>> wrote: >>>> >>>> >>>> http://arstechnica.com/business/news/2012/03/passphrases-only-marginally-more-secure-than-passwords-because-of-poor-choices.ars >>>> >>>> By Dan Goodin >>>> Ars Technica >>>> March 14, 2012 >>>> >>>> Passwords that contain multiple words aren't as resistant as some >>>> researchers expected to certain types of cracking attacks, mainly >>>> because users frequently pick phrases that occur regularly in everyday >>>> speech, a recently published paper concludes. >>>> >>>> Security managers have long regarded passphrases as an >>>> easy-to-remember way to pack dozens of characters into the string that >>>> must be entered to access online accounts or to unlock private >>>> encryption keys. The more characters, the thinking goes, the harder it >>>> is for attackers to guess or otherwise crack the code, since there are >>>> orders of magnitude more possible combinations. >>>> >>>> But a pair of computer scientists from Cambridge University has found >>>> that a significant percentage of passphrases used in a real-world >>>> scenario were easy to guess. Using a dictionary containing 20,656 >>>> phrases of movie titles, sports team names, and other proper nouns, >>>> they were able to find about 8,000 passphrases chosen by users of >>>> Amazon's now-defunct PayPhrase system. That's an estimated 1.13 >>>> percent of the available accounts. The promise of passphrases' >>>> increased entropy, it seems, was undone by many users' tendency to >>>> pick phrases that are staples of the everyday lexicon. >>>> >>>> "Our results suggest that users aren't able to choose phrases made of >>>> completely random words, but are influenced by the probability of a >>>> phrase occurring in natural language," researchers Joseph Bonneau and >>>> Ekaterina Shutova wrote in the paper (PDF), which is titled >>>> "Linguistic properties of multi-word passphrases." "Examining the >>>> surprisingly weak distribution of phrases in natural language, we can >>>> conclude that even 4-word phrases probably provide less than 30 bits >>>> of security which is insufficient against offline attack," the paper >>>> says. >>>> >>>> [...] >>>> >>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>>> >>>> --- >>>> To manage subscriptions click here: >>>> http://lyris.sunbelt-software.com/read/my_forums/ >>>> or send an email to listmana...@lyris.sunbeltsoftware.com >>>> with the body: unsubscribe ntsysadmin >>>> >>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>>> >>>> --- >>>> To manage subscriptions click here: >>>> http://lyris.sunbelt-software.com/read/my_forums/ >>>> or send an email to listmana...@lyris.sunbeltsoftware.com >>>> with the body: unsubscribe ntsysadmin >>>> >>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>>> >>>> --- >>>> To manage subscriptions click here: >>>> http://lyris.sunbelt-software.com/read/my_forums/ >>>> or send an email to listmana...@lyris.sunbeltsoftware.com >>>> with the body: unsubscribe ntsysadmin >>>> >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>> --- >>> To manage subscriptions click here: >>> http://lyris.sunbelt-software.com/read/my_forums/ >>> or send an email to listmana...@lyris.sunbeltsoftware.com >>> with the body: unsubscribe ntsysadmin >>> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe ntsysadmin >> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin