Home page logo

educause logo Educause Security Discussion mailing list archives

Re: Mitigating Phishing Attacks
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Sun, 18 Nov 2012 08:47:56 -0500

On Wed, 14 Nov 2012 16:23:46 -0600, Steven Tardy said:
0a) log all authentications(failed and successful) to a database.

Sorry for the late reply, been a zoo here in my office.

Note that logging failed authentications can be problematic, because if a user
gets out of sync with the input, they can end up entering their password into
the login field.  So then you see in your logs:

User 'fredspassword' not authorized.
User 'fred' logged in.

and you've created an unintentional password disclosure. It's probably not a
big problem if you mask out the purported userid if it doesn't exist, or do
something else to ensure that you don't log a password thinking it's a userid.

Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]