Berkeley CSUA MOTD:Entry 13284
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
2025/07/10 [General] UID:1000 Activity:popular
7/10    

2004/4/20 [Computer/SW/Security] UID:13284 Activity:nil
4/20    BBC: 70% of computer users would trade password for chocolate bar.
        http://news.bbc.co.uk/1/hi/technology/3639679.stm
        \_ That is, 70% of computer users would make up a random word for a
           chocolate bar.
           \_ *snicker*
              \_ No.  Snickers.
        \_ eat bar, change password.
           \_ wrong order.  get bar, change password, eat bar.
             \_ (get bar - assume) , change password first could risk
                loosing the bar when they cant login
                \_ correct, trick is to eat the bar fast enuf to
                be able to change password before they try to login
                \_ converted into an interview question: you're fired!
ERROR, url_link recursive (eces.Colorado.EDU/secure/mindterm2) 2025/07/10 [General] UID:1000 Activity:popular
7/10    

You may also be interested in these entries...
2013/10/24-11/21 [Computer/Companies/Apple] UID:54747 Activity:nil
9/19    "No, A Severed Finger Will Not Be Able to Access a Stolen iPhone 5S"
        http://mashable.com/2013/09/15/severed-finger-iphone-5s
        I'm sure the Apple QA department has tested extensively that a severed
        finger will not be able to access a stolen iPhone 5S.
        \_ It doesn't matter whether or not a severed finger can be used.  It
           matters whether or not a robber thinks that a severed finger can be
	...
2013/6/6-7/31 [Politics/Foreign/Asia/China, Computer/SW/Security] UID:54690 Activity:nil
6/6     Wow, NSA rocks. Who would have thought they had access to major
        data exchangers? I have much more respect for government workers,
        crypto experts, mathematicans now than ever.
        \_ flea to Hong Kong --> best dim-sum in the world
           \_ "flee"
        \_ The dumb ones work for DMV, the smart ones for the NSA. If you
	...
2012/8/26-11/7 [Computer/SW/Security] UID:54465 Activity:nil
8/26    Poll: how many of you pub/priv key users: 1) use private keys that
        are not password protected 2) password protect your private keys
        but don't use ssh-agent 3) use ssh-agent:
        1) .
        2) ..
        3) ...
	...
2012/8/29-11/7 [Computer/SW/Security] UID:54467 Activity:nil
8/29    There was once a CSUA web page which runs an SSH client for logging
        on to soda.  Does that page still exist?  Can someone remind me of the
        URL please?  Thx.
        \_ what do you mean? instruction on how to ssh into soda?
           \_ No I think he means the ssh applet, which, iirc, was an applet
              that implemented an ssh v1 client.  I think this page went away
	...
2012/9/24-11/7 [Computer/SW/Languages, Computer/SW/Unix] UID:54484 Activity:nil
9/24    How come changing my shell using ldapmodify (chsh doesn't work) doesn't
        work either? ldapsearch and getent show the new shell but I still get
        the old shell on login.
        \_ Scratch that, it magically took my new shell now. WTF?
           \_ probably nscd(8)
	...
2012/8/7-10/17 [Computer/SW/Security] UID:54455 Activity:nil
8/6     Amazon and Apple have lame security policies:
        http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all
        "First you call Amazon and tell them you are the account holder, and
         want to add a credit card number to the account. All you need is the
         name on the account, an associated e-mail address, and the billing
         address. "
	...
2012/7/13-8/19 [Computer/SW/Security, Computer/Companies/Yahoo] UID:54436 Activity:nil
7/13    Why would Yahoo store passwords unencrypted?  I recall that even 20+
        years ago the passwords stored in /etc/passwd on instructional
        machines here at Cal were one-way encrypted.  (I think those were
        Ultrix machines.)
        \_ Doesn't this say anything already?
           http://finance.yahoo.com/echarts?s=YHOO+Interactive#symbol=yhoo;range=5y
	...
Cache (7104 bytes)
news.bbc.co.uk/1/hi/technology/3639679.stm
More than 70 of people would reveal their computer password in exchange for a bar of chocolate, a survey has found. It also showed that 34 of respondents volunteered their password when asked without even needing to be bribed. A second survey found that 79 of people unwittingly gave away information that could be used to steal their identity when questioned. Security firms predict that the lax security practices will fuel a British boom in online identity theft. Security shock The survey on passwords was carried out for the Infosecurity Europe trade show due to take place at Olympia in London from 27-29 April. The survey data was gathered by questioning commuters passing through Liverpool Street station in London and found that many were happy to share login and password information with those carrying out the research. As well as people simply telling the questioners their passwords or saying they would hand them over in exchange for some confectionery, a further 34 revealed the word or phrase they used when asked if it had anything to do with a pet or childs name. Family names, pets and football teams were all used by those questioned to provide inspiration for a password. The survey found that, on average, people have to remember four passwords, though one unlucky respondent had to remember 40. Some of those questioned simply use the same password for every system they must log on to. Those that used several passwords often wrote them down and hid them in a desk or in a document on their computer. Almost all of those questioned, 80, said they were fed up with passwords and would like a better way to login to work computer systems. Stolen goods A separate survey carried out for RSA Security found further evidence of the lax password and security habits of Britons. It found that many people volunteered important personal information, such as their mothers maiden name or their own date of birth, when questioned during a street survey. Such information is coveted by identity thieves as these facts are often used by sites as security checks. The RSA survey found that maintaining online identities is becoming a burden for many people who, on average, use 20 sites that require them to register and then log on afterwards. To make these different online personas easy to manage, two-thirds use the same password for all the different sites. Of those questioned 33 said they shared passwords or wrote them down to make it easy to remember which one to use on which website. We are amazed at the level of ignorance from consumers on the need to protect their online identity, said Tim Pickard, spokesman for RSA Security. Tony Neate, from the National Hi-Tech Crime Unit, said the British economy loses millions of pounds a year as a result of identity fraud. This can only increase if people do not become more aware of their responsibilities to protect their virtual identities, he said. Send us your comments using the form below So Tim Pickard for RSA Security is Amazed at the level of ignorance from consumers on the need to protect their online identity, ? I am amazed at the stupidity of the IT industry in creating this problem in the first place. It is not just passwords that need to be remembered, user names also vary, as each site has its own format and character restrictions, eg some allow dot & some dont, some allow slash and some dont, etc. That is before you ask the question why does this site need login details at all? Philip Mulholland, Edinburgh, Scotland I work for a high profile IT company and I am amazed at the number of people that use common everyday names or words as passwords. We have to use alphanumeric passwords ie mer45cedes as an example. As a word of advice to anyone who is confronted with the common practice of using mothers maiden name when setting up an account online - dont use her real maiden name, use anything else you like. You dont have to use the real name, just remember a fictitious one for computer use only. Also, dont use your name as a log-in, use something alphanumeric such as your car and car registration number ie peugeotrv02tkn - it is just as easy to remember usually but harder to crack. The idea that we can remove all risk is foolish Jim, Milton Keynes UK . It is interesting that security companies are highlighting the issues of people using the same password for multiple systems and sites as a security flaw whilst many companies are calling for single login for their corporate systems including many government departments. Using a single password is no more insecure than using a different one for every system. The problem is not with how many passwords however but educating people not to reveal the information to anyone. It is impossible to create a fully secure system apart from putting it in a room with no network connectivity, never turning it on and banning people from using it. Business should take the lead with support from Government to educate users in to how they can mitigate the risks of identity theft. The exercise should be repeated at least twice and preferably more frequently. Jim, Milton Keynes UK The first person or company able to provide a low-cost, effective, secure alternative to the problem of us ignorant consumers not being able to remember or manage a multitude of passwords without writing them down and/or using the same password in lots of places will be richer than Bill Gates. Ross Gerring, Perth, Australia So were not supposed to use the same password for different systems and were not supposed to write them down. Until the software companies or website managers make it easier to access and use their systems users will always share passwords across sites or simply use words or phrases they can easily remember. Mark, Sheffield I have six passwords for systems at work alone all need changing every three months and I cannot repeat a password that has been used as one of the previous six I have used. In theory these security measures make things safer but in reality everyone uses the same password for everything or keeps them on a list. Phil Barrett, Leeds Are you sure this is not 70 of people would lie and pretend to reveal their computer password in exchange for a bar of chocolate? Roger Savery, Buxton, UK I think that the worst thing that you can be asked to do is to keep changing your password. When you have tens of systems which require a password, if you have to keep changing them, you have to write them down to remember them - its just too hard to remember otherwise. Time to step back and think about security taking real people in to account, not some imaginary perfect user. Martin Millmore, Reading, UK Id reveal my password to anybody if they were offering me free chocolate! Go and buy Roboform and save all your passwords which can be as difficult as you like on a pendrive which you can take with you. Then you can almost forget about passwords Graeme Williams, London UK Name Your E-mail address Town & Country Comments Disclaimer: The BBC may edit your comments and cannot guarantee that all e-mails will be published.