Monday, February 21, 2005

Wearing Your Password On Your Sleeve

I've seen a lot of opportunity for this:

Computer hackers have taken to stealing data the easy way -- by eavesdropping on phone and e-mail conversations to find the keys to seemingly impregnable networks, security experts say.

It's no surprise that attackers choose the path of least resistance, but look at the scale of the danger:

Security experts at Intrusic Inc. captured 4,466 passwords and 103 master passwords allowing global access to corporate databases while monitoring just one Internet service provider for a 24-hour period, Intrusic President Jonathan Bingham said. "It's like stealing candy from a baby," he said. "The malicious attacker will assume the identity of a person whose password they have stolen through this passive sniffing, and they end up entering this organization as a legitimate user."

Never use a critical password online, not even for a throwaway service (e.g. a one-time download of software). Keep your critical passwords, the ones you use for your bank accounts and such, separate from those of lesser import, y'know?