Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Password policy publication
From: Matthew Gracie <graciem () CANISIUS EDU>
Date: Wed, 29 Oct 2008 10:02:45 -0400

Valdis Kletnieks wrote:

And then there's the even more numerous sites that try to set up account
locking, but fail to do it for *every* place.  Sure, your Windows boxes and
Active Directory may do locking - but did you check *every* web app that
does authentication to make sure it does it as well?  Your webmail server?
Those 5 creeping horror applications that Student Billing runs to let
students look at their bills online?  And so on...

Overheard in almost every Unix machine room at some point or another:

"Hey, how long has this LDAP-authenticating machine been running XDMCP?"

--
Matt Gracie                         (716) 888-8378
Information Security Administrator  graciem () canisius edu
Canisius College ITS                Buffalo, NY
http://www2.canisius.edu/~graciem/graciem_public_key.gpg        

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]