Hi! On Wed, Oct 22, 2003 at 09:12:12AM -0500, Schmehl, Paul L wrote: > Now, lest you get your hopes up and think it's possible to > change the world, read this: > > http://www.ukauthority.com/articles/story898.asp > > After reading this, I had a good cry and then took some aspirin. > :-(
Of course, what they do not (and most likely cannot) mention is how many of the passwords entered where just random keystrokes instead of a real world password. In fact, I tend to advise people not to completely refuse giving their password / PIN / etc. when asked for by someone, but to reluctantly "disclose" something completely wrong. This way, the attacker might think he's won and - depending on the attacked system - effectively locks the account he wants to break into. Ciao Thomas -- It is better to never have tried anything than to have tried something and failed. - motto of jerks, weenies and losers everywhere _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
