ok, now you still need the hardware token ::shrug:: On Thu, Sep 18, 2008 at 10:44 PM, Robert Munn <[EMAIL PROTECTED]> wrote: > On Thu, Sep 18, 2008 at 9:34 PM, Dana wrote: >> not if the proper procedures are followed. The helpdesk is supposed to >> make sure they know who they are talking to and only deliver the token >> face-to-face. Password is set up by the user. Troubleshooting this >> gets tricky and yes, procedures are important. The only means of >> hacking it I can conceive of are social and all involve someone being >> seriously careless. > > I once convinced a help desk staffer with a mobile phone company to > help me with a phone issue, and in the process he inadvertently > revealed to me the default password for all corporate accounts in > their entire system. I reported the mistake to my internal corporate > mobile phone contact so they could handle the issue properly, but > imagine if I had been someone with malicious intent. It took a grand > total of about two minutes. > > People are usually the weakest link in the chain when it comes to > security. Why bother using sophisticated attacks on technology when > you can just make a phone call? > >
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Community/message.cfm/messageid:270140 Subscription: http://www.houseoffusion.com/groups/CF-Community/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.5
