[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Henry Bremridge wrote: > http://news.bbc.co.uk/1/hi/technology/8153122.stm > > In short: > > - Either an employee or Twitter as a policy matter put their financial > projections etc on google docs. A user with access to these figures > had a bad password for their web email > > - The users personal email was hacked by guessing the password, and > access obtained to the google docs website > > Extract from the BBC article > > The hacker has claimed to have wanted to teach people to be more careful > and in a message to the French blog Korben, wrote that his attack could > make internet users "conscious that no one is protected on the net." > > "The security breach exploited "an easy-to-guess password and recovery > question, which is one of the simplest ways to make a username and > password combination really insecure," said Phil Wainewright of > ZDNet.com > > "Unfortunately, users won't wise up until the cloud providers force them > to." > > In a study last year the security firm Sophos found that 40% of internet > users use the same password for every website they access. > > > If I register with 10 sitres, all of which require a password do you expect me to remember 10 passwords which are ideally meant to be a combination of 8 or more upper / lower case letters and numbers. I think a lot of people find this hard, until a system is devised where one can use some sort of secure password, that can be universal, open id, sort of thing perhaps. then this problem will persist, its easier to remember dictionary words. either that or people simply write their password down on a note pad and keep it near the computer, far easier then remembering a password as described above. I think the whole authentication system needs looking at, rather than expecting users to change their habits. Paul - -- Paul Sutton www.zleap.net Support Open and ISO standard file formats ISO 26300 odf http://www.odfalliance.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkpe9LgACgkQaggq1k2FJq0uNQCfVHcCqRgz65O7o7bVogU2lEBj QHoAoImdiCtd/LcWwXcIHf/8FXDDBBZl =aFzH -----END PGP SIGNATURE----- -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html