On Mon, Apr 25, 2011 at 01:52:40PM -0600, AJ ONeal wrote: > If you have physical access to my machine, you don't need jack the ripper. > Just pop in a boot CD. > All logins are done online these days. > On an unprotected system where you're the only user and the site is using > an evented webserver you'll be lucky to get 20,000.
A boot CD won't get my into his Facebook or Gmail account, or any other online system. Knowing that users reuse their passwords over, and over, and over again, having access to an unshadowed file has great value. In fact, I would be willing to wager that some on this list use their GnuPG password somewhere else. Just imagine the fun you could have. Once you have their password from the shadow file, you start typing it anywhere and everywhere you think they have an account. PayPal, their bank, their work VPN, email, etc., etc., etc. -- . o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o
signature.asc
Description: Digital signature
-------------------- BYU Unix Users Group http://uug.byu.edu/ The opinions expressed in this message are the responsibility of their author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG. ___________________________________________________________________ List Info (unsubscribe here): http://uug.byu.edu/mailman/listinfo/uug-list