Quite correct. It would be cracked quite key. But not as fast as a real word, or modified word using say 0 for o and maybe@ for a. On Nov 21, 2011 9:23 AM, "Derek Trotter" <[email protected]> wrote:
> I figure that to be 830,584 possible combinations. That's 26 lower case > letters, 26 more upper case, 10 numbers and the special characters I > counted on my keyboard. That's 94 possible characters for each of the > three in the password. 94*94*94=830,584. Of course there are the other > possible characters you can get by holding down the alt key and pressing a > number, or using the windows character map. Somehow I feel if they're only > bright enough to come up with a three character password, we can dismiss > those possibilities that aren't on the standard US keyboard. I could be > wrong, but I'm guessing a password cracking program wouldn't take too long > to try 830,584 possible combinations. > > On 11/21/2011 0:33, Michael Butash wrote: > > Hah. > > "Hacker Says Texas Town Used Three Character Password To Secure Internet > Facing SCADA System" > > > http://threatpost.com/en_us/blogs/hacker-says-texas-town-used-three-character-password-secure-internet-facing-scada-system-11201 > > Good enough for government. > > -mb > > > On 11/20/2011 03:27 PM, Sam Kreimeyer wrote: > > I think that most operators generally take whatever data SCADA spits > out at face value. After all, how would they recognize what dangerous > behavior looks like if they don't understand how these systems work > anyway? Let the IT guy figure it out. > > I think we are witnessing the nascence of an appreciation for just how > devastating a vulnerability to industrial control mechanisms can be. > The security of these systems has long relied on their own obscurity > and the hope that nobody will be particularly inclined to cause havoc > with no *obvious* potential for profit. That's why they have that > expensive firewall, right? > > On 11/20/11, Derek Trotter<[email protected]><[email protected]> > wrote: > > Same here. When I first heard of this, I said to myself: "Bet these > systems run on windows." > > On 11/20/2011 14:00, Lisa Kachold wrote: > > > > On Sat, Nov 19, 2011 at 11:25 PM, Michael Butash<[email protected] > <mailto:[email protected]> <[email protected]>> wrote: > > There was some idle chat here prior about Stuxnet and how it > almost single-handed stopped or at least delayed Iran's Nuclear > aspirations, and I'd commented on how there was a variant called > Duqu that was running rampant in our SCADA systems that run > municipal water. > > Seems our environmentals that run cities have and are being > exploited more frequently with more disclosures in the past few > days of incidents in Springfield Illinois and Houston Texas. Not > only do I guarantee security on these systems and networks not up > to par, their embedded and obscure nature means they probably > aren't even regularly patched to take advantage. In the > Springfield incident they actually caused damage to a critical > pump, and it's only going to continue to get worse as it's now > being talked about more mainstream and word spreads. > > http://www.theregister.co.uk/2011/11/17/water_utility_hacked/ > > http://www.theregister.co.uk/2011/11/18/second_water_utility_hack/ > > I know I sleep better at night knowing all this software runs on > old windoze systems! Even better is how they're talking about in > here how they are often now internet connected systems so they can > be managed remotely to save costs (i.e. outsource it). Maybe > letting the Chinese government run our city water systems isn't > quite what they had in mind, but anything to save a buck in these > trying times I suppose... > > -mb > > > chortle! snort! > -- > (602) 791-8002 Android > (623) 239-3392 Skype > (623) 688-3392 Google Voice > ** > HomeSmartInternational.com > > > > > > > > --------------------------------------------------- > PLUG-discuss mailing list - [email protected] > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > > --------------------------------------------------- > PLUG-discuss mailing list - [email protected] > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > > --------------------------------------------------- > PLUG-discuss mailing list - [email protected] > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > > -- > "That income tax you know it's nothing more than legal robbery" > Sidney "Pa" Larkin > > Please protect my address like I protect yours. When sending messages to > multiple recipients, always use the BCC: (Blind carbon copy) and not To: or > CC:. Also remove all of the addresses from the message body before forwarding > the message. These simple measures prevent spy programs from capturing the > addresses shown in the recipient list and the message body. > > > --------------------------------------------------- > PLUG-discuss mailing list - [email protected] > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss >
--------------------------------------------------- PLUG-discuss mailing list - [email protected] To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
