Security Basics mailing list archives
Re: Highlighting weak password dangers
From: anesde <anesde () gmail com>
Date: Wed, 31 Jan 2007 17:22:51 +0200
Doing it (use a password cracker) once or twice to present the importance of selecting strong passwords maybe a good idea. But doing that in the context of a security compliance initiative may cause problems, since it will make you aware of user passwords and raise accountability issues. just my 2cents, Anestis On 1/30/07, Alexander Bolante <alexander.bolante () gmail com> wrote:
out of curiosity - are you doing this as part of a security compliance initiative? or just to present to your current user community the importance of using strong passwords in adherence w/ security policy? On 1/24/07, WALI <hkhasgiwale () gmail com> wrote: > > > I want to highlight the danger of using weak passwords on servers and users > admin desktops. I have tested TSgrinder with a basic dictionary Brute Force > to access Remote Desktop exploit on both servers and desktops. The problem > here is that when connected to domain, the Account Lockout feature disables > the account quite soon. I can only show the exploit on machines not > connected to the domain where Domain Security policy doesn't flow down. > > What are other interesting and intriguing ways to present this problem? I > also need a system to do Passwords Audit on my domain and make then 'secure > password' policy compliance. > > -- DISCLAIMER This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.
Current thread:
- RE: Password Pride - A Humorous Vulnerability, (continued)
- RE: Password Pride - A Humorous Vulnerability Dixon, Wayne (Jan 22)
- Re: Password Pride - A Humorous Vulnerability Melissa (Jan 22)
- RE: Password Pride - A Humorous Vulnerability David Gillett (Jan 23)
- Re: Password Pride - A Humorous Vulnerability RS (Jan 22)
- RE: Password Pride - A Humorous Vulnerability Murda Mcloud (Jan 23)
- Message not available
- Highlighting weak password dangers WALI (Jan 24)
- RE: Highlighting weak password dangers Simon W. Hall (Jan 25)
- RE: Highlighting weak password dangers Scott Ramsdell (Jan 26)
- Re: Highlighting weak password dangers Manuel Arostegui Ramirez (Jan 26)
- Re: Highlighting weak password dangers Alexander Bolante (Jan 30)
- Re: Highlighting weak password dangers anesde (Jan 31)
- Re: Password Pride - A Humorous Vulnerability Melissa (Jan 22)
- RE: Password Pride - A Humorous Vulnerability Dixon, Wayne (Jan 22)
- Message not available
- Re: Port 8081 mystery WALI (Jan 24)
- Port 8081 mystery WALI (Jan 23)
- RE: Port 8081 mystery Gressick, Michael (Jan 24)
- Re: Port 8081 mystery Brian . D . Turk (Jan 24)
- RE: Port 8081 mystery Remad (Jan 24)
- Re: Port 8081 mystery George A. Theall (Jan 24)
- Re: Port 8081 mystery Johnny Wong (Jan 24)
- RE: Port 8081 mystery Sandro, Herpich (Jan 24)
- RE: Port 8081 mystery Christopher A. Libby (Jan 25)
- Re: Port 8081 mystery Alcides (Jan 24)