Not sure how interesting this woud be, but if anyone is interested in linux server operations, I could put something together with other co-workers from i.TV.
We run close to 100 EC2 instances and can go over managing it.. We also do some really cool stuff with video capture, that has some application outside a data center. On Mon, Feb 11, 2013 at 4:55 PM, Lloyd Brown <[email protected]> wrote: > As interesting and useful as that sounds, you will want to be very, very > careful with something like this. > > Time for a war story. > > Several years ago, when I was an undergrad, I took a the IT program's > Security class. At the direction of the professor, the TA set up an > access point and faked "BYU Wireless Login" page (this was before we > could whitelist device MACs with OIT). He ran this for a few minutes in > the security lab, during our lab time, which was right before class. > The teacher was out of town, so the TA was running things in class, and > he started asking people in the class if their password was a certain > number of characters long, and started with this letter, ended with that > letter, etc. > > Since we had several full-time employees from OIT, and from other > computer support organizations across campus, this made a number of > people upset. > > In the end, it all worked out. The TA could demonstrate that he'd ONLY > stored the first and last characters, and the total length of the > passwords. The members of the class started being really careful about > checking for the SSL certificate (which the TA didn't spoof). All in > all, it was good lesson learned for everyone, but it made a good number > of them freak out. And when people in a position to make policy > decisions get upset like that, they're prone to overreaction. > > > I'm not saying that it's a bad idea to do something like you're > proposing. I think you could probably design the demonstration to avoid > a lot of these problems, etc. Just be careful, make sure you document > everything, get appropriate approvals, etc. > > > > > > Lloyd Brown > Systems Administrator > Fulton Supercomputing Lab > Brigham Young University > http://marylou.byu.edu > > On 02/11/2013 04:38 PM, Jacob Adams wrote: > > Maybe someone could set up a password cracker in the Wilk and invite > > people to come see how (in)secure their passwords are :) > -------------------- > BYU Unix Users Group > http://uug.byu.edu/ > > The opinions expressed in this message are the responsibility of their > author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG. > ___________________________________________________________________ > List Info (unsubscribe here): http://uug.byu.edu/mailman/listinfo/uug-list >
-------------------- BYU Unix Users Group http://uug.byu.edu/ The opinions expressed in this message are the responsibility of their author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG. ___________________________________________________________________ List Info (unsubscribe here): http://uug.byu.edu/mailman/listinfo/uug-list
