I agree. I use a few of the same BS answers on all of the security questions. My wife wouldn't even be able to reset my email account, because my mother's maiden name isn't really vader. [names changed to protect the innocent :D]
If you search the archives here, odds are you'll see me saying the password reset trick was already old circa 2003?
Possibly one of my pseudonyms?
Why this sort of thing has been allowed to continue is mind blowing. Although anybody who suggests that people actually secure things themselves by using a "not easily found" answer that doesn't strictly relate to the question has obviously never met a real user. Users are idiots. There is no nice way to put it. The help desk at the federal facility I work had a user turn in a broken mouse, asking for a new one. They simply repackaged the "broken" mouse, gave it to the guy, told him it was a brand new one. They got a call about 15 minutes later from the guy, thanking them for their quick response and the great mouse. It gets worse. Y'all familiar with ToughBooks? Yeah, the nylon stylus the ToughBook tablets use cannot break the screen, the stylus breaks far before the screen does. Of course, we get a shattered screen and a user saying they were just tapping it with the stylus.
On the contrary, I have met lots of them, several of whom have had their e-mail accounts hijacked. :D
Quote:
Although anybody who suggests that people actually secure things themselves by using a "not easily found" answer that doesn't strictly relate to the question has obviously never met a real user.
I think that the service providers should give a clear warning of the potential dangers of providing correct information, although there is no real excuse for forgetting your password. Just write it down in the back of your bible or whatever flavour religious book you use................. nobody is going to look there :halo:
I was discussing this last week at lunch with some friends. Interestingly enough some of them use Yahoo mail and their response to forgotten password automated anything is this.
"Anytime I have to answer a predetermined "secret question" in order to gain access to a free service, the answer is always two or three jumps away".
WTF does 2 - 3 jumps mean (Guy's a flippen dataminer for accounting firms - go figure). Anyway, if the question is where did you go to high school, the answer might be back alley - because the one thing I remember most about high school is Laura and my first kiss which was in the alley behind my house.
So much for guessing or social engineering that "secret question"
Anyway I just found that logic interesting. Me, I'd just not use anything that allowed anonymous password changes.
I think the whole idea of providing not-so-obvious answers to these secret questions is a good work around for the "Forgot-my-password" service flaw.
I think it's my Gmail account that provides the option to write my own question. I think that's a great idea simply because breaking the service is that much more difficult. So instead of the standard 5-10 questions handed on a silver platter to inquisitive malicious users, you could have thousands & thousands of different questions in all kinds of formats. Couple that with some oddball answers and this could really help shore up the "Forgot-My-Password" service security.
Dinowuff - Great logic. Think I am going to use that from now on.
Looks like he was indicted:
Quote:
Kernell faces a maximum of five years in prison if convicted, along with a $250,000 fine and a three-year term of supervised release. The case is being investigated by the FBI's Anchorage and Knoxville field offices. No trial date is scheduled yet.
Full Story: http://news.cnet.com/8301-13578_3-10060878-38.html
Shame, poor guy.
yeah right...booo hooo hooo
The guy's an Id 10 t
He hacks an American vice presidential candidate's email using his own internet access through a proxy...then brags about it......
DUH
You don't think the feds were all over that ASAP?
He could have at least used one of the kazillion open WAPs out there...
I have absolutely no sympathy for stupidity
MLF
So if he used an opened WPA then it would be all good :)