++ On Fri, Sep 19, 2008 at 12:44 AM, Robert Munn <[EMAIL PROTECTED]> wrote:
> On Thu, Sep 18, 2008 at 9:34 PM, Dana wrote: > > not if the proper procedures are followed. The helpdesk is supposed to > > make sure they know who they are talking to and only deliver the token > > face-to-face. Password is set up by the user. Troubleshooting this > > gets tricky and yes, procedures are important. The only means of > > hacking it I can conceive of are social and all involve someone being > > seriously careless. > > I once convinced a help desk staffer with a mobile phone company to > help me with a phone issue, and in the process he inadvertently > revealed to me the default password for all corporate accounts in > their entire system. I reported the mistake to my internal corporate > mobile phone contact so they could handle the issue properly, but > imagine if I had been someone with malicious intent. It took a grand > total of about two minutes. > > People are usually the weakest link in the chain when it comes to > security. Why bother using sophisticated attacks on technology when > you can just make a phone call? > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Community/message.cfm/messageid:270159 Subscription: http://www.houseoffusion.com/groups/CF-Community/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.5
