IT Security advice / rant

Puckstop31

#1
I do IT security stuff for a living. So, "Client X", I'm not kidding when I say you should have a complex password. No, I don't care that it sucks to have to change it all the time or it's hard to remember. Yes, even on top of the fancy firewall you bought. Why? Because you want to use service X directly, which is against my advice.


"Client X" was hacked. Bad guys exploited a commonly used IP port to get on the main server, logged in with "Client X's" account that uses a password that is the SAME as the account name. Morons. Of course, they want to blame the firewall. It's only as secure as you let me make it. I told you leaving that service open was a risk, you didn't care. I bet you do now, eh?

Don't get me wrong, I am happy to serve my clients. The capitalist in me even LIKES it when they don't listen. LOL But still.... Why pay for our advice, then not take it?


/rant

If you read this all, thank you. <click>, <treat> :)
 

Lilavati

#2
Explain it this way. You can buy the best fancy multi-barrel, electric, super-duper invented by the CIA lock on the market. But if you leave the key hanging next to it, it's not going to do you much good.
 

Taqroy

#5
Ouch. However - have you seen Archer? In the first episode there's a part where he logs into their server under the "guest" account and it makes me laugh every single time. And then it makes me want to cry cause people actually do that.
 

Puckstop31

#7
> Ouch. However - have you seen Archer? In the first episode there's a part where he logs into their server under the "guest" account and it makes me laugh every single time. And then it makes me want to cry cause people actually do that.

LOL. 'Guest' on a Windows machine is extra credit stupid.... Because you would have had to enable the account. It is usually disabled by default.

I'll try to check Archer out.
 

AliciaD

#8
I was slightly bitter when the university required our password to have uppercase, lowercase, symbol, number, and over 16 characters.

But now that I've remembered my password I think it would take others quite a while to figure it out (hack around it- not so long, but to actually figure it out).
 

Lilavati

#9
I have to admit, I don't always use my best judgement with passwords. I try . . . but I simply can't have a different password for everything . . . unless I write them down, which is possibly worse than reusing them.
 

AliciaD

#10
> I have to admit, I don't always use my best judgement with passwords. I try . . . but I simply can't have a different password for everything . . . unless I write them down, which is possibly worse than reusing them.

I do reuse passwords, but they've all been made up words- like frindle, except I came up with them myself (so don't try to hack my chaz account with "frindle"!) so I think there's an added level of protection there.
 

Zoom

#11
I was reading someone's blog one time and they said they use the Kid.0 password generator. As in, he would just randomly yell at his kids "Give me three letters and three numbers!" and then make those into a password.
 

Taqroy

#12
> LOL. 'Guest' on a Windows machine is extra credit stupid.... Because you would have had to enable the account. It is usually disabled by default.
>
> I'll try to check Archer out.

Just a warning, it's not really acceptable for...um...anyone. It is absolutely hilarious if you're not easily offended though. I think it's awesome but YMMV lol.
 

Romy

#13
This reminds me of the time I was visiting some guy friends in their super duper bachelor house of stank. They're all avid gamers/programmers/etc. and had 7-8 computers set up to do LAN games.

I was bored, wanted to play some games, but the computers were password protected and nobody was home to tell me what it was. I typed P-O-O-P, pressed enter, and voila! Instant access! :rofl1:
 

Pops2

#14
Stupid is often as good for business as it can be bad, depending on your line of work I reckon. LOL
if it weren't for politics or other stupidity pushing wildlife management decisions, ADC guys would be much fewer & a lot farther between.
CA is a great example. because the fish & game got greedy & raised the price of feral hog tags & because the politicians in the 50s were [email protected]$$ enough to give them protected game status, i could have been making a couple of grand a month doing ADC work out there on the weekends. unfortunately i will not be going to CA for language school.
 

Backward_Cinderella

#15
I learned from the military how to make passwords... I dare you to try and figure out my two hundred and fifty six character (including caps, numbers, lower case and special characters!) password... OK, it isn't that long, but anyone looking over my shoulder to get it would get lost insanely fast.

I'm sorry people are idiots Puck. That seems to be the majority, unfortunately.
 
