Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Password Cracking & Consequences

From: James Riden <j.riden () MASSEY AC NZ>
Date: Fri, 27 Aug 2004 11:50:17 +1200
Scott Bradner <sob () HARVARD EDU> writes:


what is the threat model that leads to teh IT department cracking passwords?


For one: http://www.k-otik.com/exploits/08202004.brutessh2.c.php

I've also seen a couple of worms which will attempt to access Windows
network shares by guessing passwords such as '123456', etc., but
couldn't find any in a quick search.

Not saying it's definitely OK to do, but there are reasons why it's
nice to be able to audit passwords if you can.

cheers,
 Jamie
--
James Riden / j.riden () massey ac nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
Previous By Date Next
Previous By Thread Next

Current thread: