Re: FYI LinkedIn passwords hacked

Sun, 10 Jun 2012 23:34:23 -0700 

W dniu 2012-06-10 22:37, Andy Wood pisze:

On Fri, 8 Jun 2012 22:48:50 +0200, R.S.<[email protected]>
wrote:

[snipped]

I am quite prepared to accept that  mainframe workers would know that
it is not a good idea to reuse passwords in that way.

However, that was not my point when I said that "we" might learn
something from this.

Some aspects of the incident were clearly not so "obvious" - the fact
that you had to explain what a rainbow table is proves that.

You also explained how RACF encrypts passwords, but actually an
installation can choose to encrypt  passwords some other way, via the
ICHDEX01 exit. I'm not saying that this is a good or bad thing, but
it exists, and may be used. Would you want an exit like that to be
implemented by somebody who never heard of a rainbow table?
Yes, I was less accurate than RACF manuals, maybe due to size limitations of the messages sent ti the listserv ;-)
And no, I wouldn't want anything from the person which does the thing he has no idea about. And this is the case - a person who wants to store passwords, provide changes to very delicate part of security system and has no idea how to do it. 

Also, no, I see no reason to use this exit.
And yes, there is always an opportunity to learn something form any event/information you get. However some of the informations are mainframe related and some are not. Again, I'm not going to fight for it, but I'm also not going to say that linkedin is on topic, because it's not. 

Regards
--
Radoslaw Skorupka
Lodz, Poland






--
Tre tej wiadomoci moe zawiera informacje prawnie chronione Banku 
przeznaczone wycznie do uytku subowego adresata. Odbiorc moe by jedynie 
jej adresat z wyczeniem dostpu osób trzecich. Jeeli nie jeste adresatem 
niniejszej wiadomoci lub pracownikiem upowanionym do jej przekazania 
adresatowi, informujemy, e jej rozpowszechnianie, kopiowanie, rozprowadzanie 
lub inne dziaanie o podobnym charakterze jest prawnie zabronione i moe by 
karalne. Jeeli otrzymae t wiadomo omykowo, prosimy niezwocznie 
zawiadomi nadawc wysyajc odpowied oraz trwale usun t wiadomo 
wczajc w to wszelkie jej kopie wydrukowane lub zapisane na dysku.
This e-mail may contain legally privileged information of the Bank and is intended solely for business use of the addressee. This e-mail may only be received by the addressee and may not be disclosed to any third parties. If you are not the intended addressee of this e-mail or the employee authorised to forward it to the addressee, be advised that any dissemination, copying, distribution or any other similar activity is legally prohibited and may be punishable. If you received this e-mail by mistake please advise the sender immediately by using the reply facility in your e-mail software and delete permanently this e-mail including any copies of it either printed or saved to hard drive. 
BRE Bank SA, 00-950 Warszawa, ul. Senatorska 18, tel. +48 (22) 829 00 00, fax 
+48 (22) 829 00 33, www.brebank.pl, e-mail: [email protected]
Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, nr rejestru przedsibiorców KRS 0000025237, NIP: 526-021-50-88. Wedug stanu na dzie 01.01.2012 r. kapita zakadowy BRE Banku SA (w caoci wpacony) wynosi 168.410.984 zotych. 

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

Reply via email to