RDMC
Enemy Wheelbarrow Spotted..!!
+736|6566|Area 51
I think this topic is kinda going off topic-ish.
GC_PaNzerFIN
Work and study @ Technical Uni
+528|6415|Finland

Zimmer wrote:

At the end of the day, this site is safe, but you shouldn't in principle be putting in your passwords on random and potentially risky sites. Is that a better way of putting it?
Sounds good. *hand shake of truce*
3930K | H100i | RIVF | 16GB DDR3 | GTX 480 | AX750 | 800D | 512GB SSD | 3TB HDD | Xonar DX | W8
Bertster7
Confused Pothead
+1,101|6582|SE London

GC_PaNzerFIN wrote:

There are zero benefits from giving away your password, yet there is potential harm.
Not true. I have people giving me their passwords all the time - to their benefit. If someone has a department server that isn't supported by our desktop support teams (and most aren't, they just provide racks, network and power for them), they tend to come running to me for support. I can't help them unless they give me passwords. I always make very clear that they don't have to give me their password, but that their problems will be fixed much faster if they do.

I see loads of scenarios every day when people benefit from giving out their passwords for various systems. I also hate SOX compliance with a passion. But then I also get very pissed off with all the chumps who don't conform with security policy.

GC_PaNzerFIN wrote:

It is useless to talk about security when ppl throw away all advice starting from most important one everyone should know by now, never tell your password to anyone. I wish one day people would start using their common sense, goes far in terms of security.
Common sense is a good thing - but loads of security policies are not grounded in common sense and are just complete bullshit. I deal with user accounts and directory services systems all the time and get very frustrated by how stupid some of these rules are.
GC_PaNzerFIN
Work and study @ Technical Uni
+528|6415|Finland

Of course, if it helps in-house tech support you might ask for a password. Especially if they physically bring the server to you. That is pretty guaranteed to be trustable, or someone is gonna get fired.

But it is not a good idea to give passwords to anywhere outside your corporation, for example. I am sure you understood my point.

I mean, c'mon. If I worked in the same corporation as you, you being tech support for servers. That falls in the common sense box too, to trust the guy.
3930K | H100i | RIVF | 16GB DDR3 | GTX 480 | AX750 | 800D | 512GB SSD | 3TB HDD | Xonar DX | W8
.Sup
be nice
+2,646|6454|The Twilight Zone
I use https://www.passpack.com/ for some passwords; for others I have a dedicated USB key.
https://www.shrani.si/f/3H/7h/45GTw71U/untitled-1.png
rdx-fx
...
+955|6592

Zimmer wrote:

At the end of the day, this site is safe, but you shouldn't in principle be putting in your passwords on random and potentially risky sites. Is that a better way of putting it?
Fair enough.
Thanks for being reasonable.
Defiance
Member
+438|6672

RDMC wrote:

I think this topic is kinda going off topic-ish.
Funny enough, it seems about as on topic as you could be. A valid question of password security was raised, tested, and concluded on in a thread about password security, but it's sad that it turned into a silly fight.
FEOS
Bellicose Yankee Air Pirate
+1,182|6412|'Murka

rdx-fx wrote:

Zimmer wrote:

At the end of the day, this site is safe, but you shouldn't in principle be putting in your passwords on random and potentially risky sites. Is that a better way of putting it?
Fair enough.
Thanks for being reasonable.
Glad it got resolved all nice-like. Didn't mean to lob a chaos grenade.

My job is testing shit developed to trick-fuck people in various ways and also to see if our stuff is vulnerable to getting trick-fucked (very technical terms, to be sure). That includes PEBKAC issues. So when I see stuff like this, the first thing I think of is, "Why in the wide, wide, world of sports would you EVER do that?!" Then I think of all the little jewels I've seen run through our test ranges that have looked absolutely benign, even on forensic analysis, that were anything but. And all they relied on was a stupid user trick to work--and they worked well.
“Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid.”
― Albert Einstein

Doing the popular thing is not always right. Doing the right thing is not always popular
Dilbert_X
The X stands for
+1,810|6107|eXtreme to the maX
Just got called by the phone scammers.
http://www.microsoft.com/australia/pres … phone-scam

You'd think they'd use a decent line or mike, could barely make out what they were saying.

"We have just detected your computer has downloaded a malicious virus, please go and turn your computer on and log into our website"
LOL Indians...

Still, my mother would have gone for it.
Russian warship, go fuck yourself!
PrivateVendetta
I DEMAND XMAS THEME
+704|6192|Roma
TBH, one of the first things I thought about was if this guy was harvesting passwords. But I know next to nothing about web languages or w/e.
And I guess it shows. My 'secure' password would only last 4 days..
I have a few, but generally don't care about the other ones, I only use them to make an account somewhere, wouldn't really care if someone got those accounts tbh.
RDMC
Enemy Wheelbarrow Spotted..!!
+736|6566|Area 51

Defiance wrote:

RDMC wrote:

I think this topic is kinda going off topic-ish.
Funny enough, it seems about as on topic as you could be. A valid question of password security was raised, tested, and concluded on in a thread about password security, but it's sad that it turned into a silly fight.
True true. Hence why I said -ish.
Bertster7
Confused Pothead
+1,101|6582|SE London

GC_PaNzerFIN wrote:

Of course, if it helps in-house tech support you might ask for a password. Especially if they physically bring the server to you. That is pretty guaranteed to be trustable, or someone is gonna get fired.

But it is not a good idea to give passwords to anywhere outside your corporation, for example. I am sure you understood my point.

I mean, c'mon. If I worked in the same corporation as you, you being tech support for servers. That falls in the common sense box too, to trust the guy.
That's my point - common sense is the best security policy there is. Despite the fact that certain security policies in place don't adhere to basic common sense principles.

For example, for a particular system, if a user wants their password reset they need to phone the support team, give them a secure PIN code that only they know (which the support team then type into a window to verify whether it is accurate) and then get their new password mailed back to them.

That seems like a flawed system to me. A signed email is more secure than a phone call. Sending secure information by email is more secure than just telling it to someone over the phone. Yet this is a real security policy that needs to be adhered to where I work. Does it make any sense? No, not one bit.
Mekstizzle
WALKER
+3,611|6622|London, England
Yeah I'll just go ahead and type in a password into some random website, if I used a fake password it would defeat the whole purpose and if I used a real one it's risky. No way man, No can do

Surely the first step in password security is making sure you keep it to yourself

Last edited by Mekstizzle (2010-10-22 03:22:56)

mtb0minime
minimember
+2,418|6655

Missed a few pages, Mek
13urnzz
Banned
+5,830|6498

LoL
Finray
Hup! Dos, Tres, Cuatro
+2,629|5789|Catherine Black

Mekstizzle wrote:

Yeah I'll just go ahead and type in a password into some random website, if I used a fake password it would defeat the whole purpose and if I used a real one it's risky. No way man, No can do

Surely the first step in password security is making sure you keep it to yourself
troll or dumbass
13urnzz
Banned
+5,830|6498

Finray wrote:

Mekstizzle wrote:

Yeah I'll just go ahead and type in a password into some random website, if I used a fake password it would defeat the whole purpose and if I used a real one it's risky. No way man, No can do

Surely the first step in password security is making sure you keep it to yourself
troll or dumbass
what a coincidence!
