On Mon, Mar 06, 2006 at 10:35:46AM -0600, Keith wrote:
> Does anyone actually have any hard facts about proven password hacking in
> the real world?
> Does it actually happen? I have looked for evidence and not found anything
> more than lots of woulds and coulds. No lists of documented compromised
> computers.

I do. Happened at work. Someone, quite likely me to be honest, set the
password for the test account to... test. Whoever it was forgot they had
done that and sure enough a few months later we noticed someone's "hacked"
into the computer and is using the account via automated scripts to run an
FTP server to distribute mp3s and movies. I'm pretty sure they never got
root access, but I wiped the system and reset all the passwords all the
same.

> And by the way, Kevin Mitnick (The Art of Deception) never ever cracked a
> password. He got the user to enter it for him, so a strong password did
> nothing.
>
> Having a strong password pasted on the front of your computer is useless
> IMHO. Use a decent password and don't tell anyone or write it down.

No more useless than the fact that anyone able to read that password can
probably put a bootdisk into said computer and take the data anyway...

Writing down passwords is perfectly acceptable *network* security. What it
isn't is acceptable *physical* security. In many cases if the intruder can
read the password, you're fscked anyway 'cause the data is sitting on a
hard drive right next to them.

Personally I encrypt anything that's really important, so that barring
keyloggers and other relatively advanced attacks, neither network nor
physical attacks will do all that much.

--
pete@petertodd.ca http://www.petertodd.ca