#1 (permalink) |
Squid hat!
Location: A Few Miles Away From Halx
|
Give Me Your Password
Well well well, looks like the idea of protecting your password can be defeated by free handouts. How free? How about a cheap pen.
From http://www.theregister.co.uk/content/55/30324.html

"Workers are prepared to give away their passwords for a cheap pen, according to a somewhat unscientific - but still illuminating - survey published today.

The second annual survey into office scruples, conducted by the people organising this month's InfoSecurity Europe 2003 conference, found that office workers have learnt very little about IT security in the past year. If anything, people are even more lax about security than they were a year ago, the survey found.

Nine in ten (90 per cent) of office workers at London's Waterloo Station gave away their computer password for a cheap pen, compared with 65 per cent last year. Men were slightly more likely to reveal their password with 95 per cent of blokes, compared to 85 per cent of women quizzed, prepared to hand over their password on request.

The survey also found the majority of workers (80 per cent) would take confidential information with them when they change jobs and would not keep salary details confidential if they came across them. If workers came across a file containing everyone's salary details, 75 per cent of workers thought they would be unable to resist looking at it, again up from 61 per cent in 2002. A further 38 per cent said they would also pass the information around the office. Naughty.

The survey was undertaken by the organisers of Infosecurity Europe 2003 in a quest to find out how security conscious workers are with company information stored on computers. Workers were asked a series of questions which included: What is your password? Three in four (75 per cent) of people immediately gave their password. If they initially refused they were asked which category their password fell into and then asked a further question to find out the password. A further 15 per cent were then prepared to give over their passwords, after the most rudimentary of social engineering tricks were applied.

One interviewee said, "I am the CEO, I will not give you my password it could compromise my company's information". A good start, but then the company boss blew it. He later said that his password was his daughter's name. "What is your daughter's name?" the interviewer cheekily asked. He replied without thinking: "Tasmin". D'oh.

Of the 152 office workers surveyed many explained the origin of their passwords. The most common password was "password" (12 per cent) and the most popular category was their own name (16 per cent) followed by their football team (11 per cent) and date of birth (8 per cent). Two thirds of workers have given their password to a colleague (the same as last year) and three quarters knew their co-workers' passwords.

In addition to using their password to gain access to their company information two thirds of workers use the same password for everything, including their personal banking, Web site access, etc. This makes them more vulnerable to financial fraud, personal data loss or even identity theft, the InfoSecurity team point out.

Meanwhile two thirds of workers admitted they had emailed colleagues illicit, unsavoury pictures or "dirty jokes", up slightly from 62 per cent in 2002. Men were twice as likely to indulge in this activity with 91 per cent of men sending unsavoury emails compared to only 40 per cent of women. InfoSecurity's organisers say this behaviour could expose their employer to expensive litigation for sexual discrimination, low morale and even be viewed as allowing bullying.

Tamar Beck, Director of InfoSecurity Europe 2003, said: "Employees are sometimes just naïve, poorly trained or are not made aware of the security risk. Employers therefore need to create a culture of protecting their information and reputation with policies on information security backed up with training to support the security technology"."
__________________
Like TFP? Donate To Keep It Alive!! |
#2 (permalink) |
Cracking the Whip
Location: Sexymama's arms...
|
Hehe,
Really, if you offered me a pen for a password, I would give you one, it just wouldn't be the real one. I'm a security freak on networks and my passwords reflect that, with mixed case, numeric and non-numeric characters. But I'll tell you what, I'll give you all my list of password hints:
My WindowsXP Admin account: Mom's state
My Hotmail: My State
My TFP password: Arfcom Modified
There Ya go! Have fun Crackers!
__________________
"Of all tyrannies, a tyranny exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end, for they do so with the approval of their own conscience." – C. S. Lewis The ONLY sponsors we have are YOU! Please Donate! |
#3 (permalink) | |
Go Packers! (*sigh!*)
Location: The Lovely Emerald City
|
Quote:
Colorado Marcof
__________________
Not the cry, the heart of Minx!
#4 (permalink) |
lost and found
Location: Berkeley
|
Sure, I'll be glad to take a pen from you in exchange for what I claim is a password.
__________________
"The idea that money doesn't buy you happiness is a lie put about by the rich, to stop the poor from killing them." -- Michael Caine |
#5 (permalink) | |
Cracking the Whip
Location: Sexymama's arms...
|
Quote:
Did you really think it would be that easy?
#7 (permalink) |
Crazy
Location: MN-WI
|
Seriously, people are dumb like that sometimes.
I had to set up a cow-orker's pc at work with network access to one of our drives. I asked him what his login for Win2k was, and he gave me login and password. This is the day before April 1st, mind. The next day he came in to find his mouse swapped to left-handed, oriented so that up = right, and set to super-mega-slow speed. I could have done oh so much more, but it wasn't worth losing my job over. I think at least he is a little more educated about security now, though.
__________________
Incompetence When you earnestly believe you can compensate for a lack of skill by doubling your efforts, there's no end to what you can't do. |
#8 (permalink) |
Junkie
|
This isn't surprising, but it's very disturbing that people don't take basic security seriously. All of my passwords are a mix of letters (upper and lower case) and numbers chosen randomly.
__________________
"Fuck these chains No goddamn slave I will be different" ~ Machine Head |
#10 (permalink) |
Crazy
Location: A Fortified Compound, East Coast
|
Well, for me it all depends. For some of my nonsense items that require passwords, like hotmail accounts and so forth, I just use something basic, so I will always know it, and I really never change it. Everything else, though, such as computers, laptops, regular e-mails, etc, I use a mix of letters and numbers, and change it bi-weekly. I have too much stuff at risk to have an easy password.
__________________
Heh. Oops. Sorry about that one... |
#11 (permalink) |
Banned
Location: Meahssahcheusetss
|
I use the same password for everything, but it's just a simple phrase with no connection whatsoever to myself, no football teams, no my name, no "password". I find it just as effective as mixed passwords with numerals and mixed capitalization with random letters, especially since I find it easier to remember...
#12 (permalink) |
Psycho
Location: lost
|
I generally have the same password, or variations of the same password, for most of my stuff. The way I see it, I don't have anything important right now that would matter if someone messed with. Besides, my password has letters and either numbers or symbols in it, and is the name of an obscure planet from a sci-fi book I read a few years back. Don't ask me why I chose it, I just did... but I bet you can't figure it out
__________________
I'd rather be climbing... I approach college much like a recovering alcoholic--one day at a time... |
#14 (permalink) |
Upright
|
My personal favorite remains an acquaintance who thought they were being clever by actually making their password all asterisks (*'s), because it actually was what came up on screen. However another acquaintance noticed that it was just one key being hit rapidly, and from there it was all downhill. ::shake head:: Yay for having goatse as the background image and the password changed...
#15 (permalink) | |
Insane
|
Biggest hole in network security
http://www.theregister.com/content/55/30324.html
Quote:
__________________
This post has been sanitized for your protection by the Ministry of Information of Oceania. |
#17 (permalink) |
Junkie
Location: The True North Strong and Free!
|
I saw a show on this on 20/20, it was pretty scary how fast some people are willing to give up their security unverified to strangers.
__________________
"It is impossible to obtain a conviction for sodomy from an English jury. Half of them don't believe that it can physically be done, and the other half are doing it." Winston Churchill |
#19 (permalink) |
Crazy
Location: New Orleans
|
Um, I can see going balls out with your password security (mixed case, letters, numbers, etc., changing every week) if it protects something of real value that you can expect someone to want unauthorized access to...
But just the login to your windows environment at work? What's the big deal? Set your password to your old girlfriend's last name or some other dumbass, easy to remember word... No one cares about getting in, and the "enter password" prompt is enough to stop anyone from messing with your desktop wallpaper. It's better to have a slight risk of someone getting to your insignificant data than it is to bother the tech department every time you forget your login. But as I said, if you are protecting something that the average cracker might want access to... then by all means, be careful! |
#21 (permalink) |
Pro Libertate
Location: City Gecko
|
Not surprised at this.
I know people who Don't Know their own passwords.. They have someone else log them in and leave it logged in. Always generates problems when there is an unexpected power outage hehe.
__________________
We Stick To Glass "If three of us travel together, I shall find two teachers." Confucius |
#22 (permalink) |
Tilted Cat Head
Administrator
Location: Manhattan, NY
|
why ask them when you can just look for the post-it on their monitors?
__________________
I don't care if you are black, white, purple, green, Chinese, Japanese, Korean, hippie, cop, bum, admin, user, English, Irish, French, Catholic, Protestant, Jewish, Buddhist, Muslim, indian, cowboy, tall, short, fat, skinny, emo, punk, mod, rocker, straight, gay, lesbian, jock, nerd, geek, Democrat, Republican, Libertarian, Independent, driver, pedestrian, or bicyclist, either you're an asshole or you're not. |
#24 (permalink) |
Squid hat!
Location: A Few Miles Away From Halx
|
hey, uh, porschebunny - Check the *date* I posted it. Not just the time.
#25 (permalink) |
Human
Administrator
Location: Chicago
|
This isn't too surprising to me. If people actually took security seriously then they'd update their boxes when they're supposed to - but they don't. And then we get things like that worm that crippled the internet for a weekend awhile back.
__________________
Time destroys everything "Musicians are the carriers and communicators of spirit in the most immediate sense." - Kurt Elling |
#27 (permalink) |
Hello, good evening, and bollocks.
Location: near DC
|
Kickass article MeanSpleen, I saw that in the news too! When I read your post subject, my immediate response was "the human factor!"
All the firewalls and security technology in the world are worthless if you can talk someone into simply giving you the information you need or doing something for you, which they wouldn't otherwise do. This isn't a plug (borrow it from your public library if you need to). It's the best book I've read in a while, it brilliantly describes exactly what we're talking about. Everyone, even non-techie types can learn a whole lot from it... I wish I could think of another example but this thread and that excerpt pretty much cover the basic idea.
#28 (permalink) | |
Psycho
Location: Alberta, Canada
|
Quote:
: insane : Arfcom Modified
__________________
Mokle "Your hands can't hit what your eyes can't see" -Ali |