New York Times intranet hacked

Printable View

February 28th, 2002, 09:00 AM
BrainStop

New York Times intranet hacked

A story was released about the New York Times internal network being hacked:

The Register: NY Times Internal Network Hacked

There's one interesting bit in there:

Quote:

Armed with that information, the hacker could use the intranet account of any employee that hadn't changed their password from the default -- the last four digits of the person's Social Security number. One of those belonged to a worker that had the power to create new accounts, so Lamo set up his own account on the network with higher privileges.

As I say ... the human factor is one of the biggest security risks around! :)

Cheers,

BrainStop
February 28th, 2002, 09:21 AM
Remote_Access_

I've already read the article but good post. ;)
The biggest computer vulnerability lies between
the keyboard and the back of the chair.

Remote_Access_
February 28th, 2002, 10:26 AM
nabylbt

true, the most secure system is as secure as it weakest part ie the dude behind the screen

i know we all know about the guessable psswd but do we really use it ...
for the longuest time i've used the names of my dogs plus some stupid digits ...
now at work i have to select a real psswd (since they keep logs on sys access...) with all the features well that does sucks cuz i have to remember 4 of them all different ...
anybody got the same prob ?

ps i did found a kewl way to remind me of them i simply use commands with no spaces ... the type of commands you rarelly execute if you get my meaning....
February 28th, 2002, 10:32 AM
Guus

haha, ingenious nabylbt! So, your password is "deltree/yc:\porn" ? :D

No, seriously, that's actually a good idea - you can have a fairly long password, which most brute-force attackers have problems with decoding, for it uses things like -, ; and / ... That is, until someone starts putting commando's in dictionaries...
February 28th, 2002, 10:36 AM
nabylbt

not exactly
more like formatc:/q/u<y.txt
......lol
February 28th, 2002, 10:37 AM
BrainStop

Password problems

One of the problems with passwords is when you ask people to remember too many ... at my previous job, I had around 20 passwords ... most of which I did not create myself. The result: I had to write some of them down, especially the ones I hardly used.

Human memory can only remember so much. Asking me to change my password constantly and remembering the last 20 passwords I used is going to decrease security.

I think there is a limit to what you can ask people to remember. Yes, give them an impossible password of 16 characters .... but let them use it for a long time. The more passwords you give them, the more likely they are to be written down somewhere.

This does favor the call for combining passwords with some kind of physical control such as biometrics to improve security.

And, let's not forget, forcing people to change the default password the first time they log in.

Cheers,

BrainStop
February 28th, 2002, 11:21 AM
valhallen

yup as BrainStop said it def is time some kind of physical control was brought in - in fact i remember reading a while ago about a keyboard with built in scanner being on the market but I ain't heard anything about it since :confused:

v_Ln