[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re[2]: [SAGE] The danger of SSH keys..

To: Theodore Tso <tytso@mit.edu>
Subject: Re: Re[2]: [SAGE] The danger of SSH keys..
From: dan@geer.org
Date: Mon, 22 Jan 2007 23:31:12 -0500
cc: sage-members@usenix.org
In-Reply-To: Your message of "Mon, 22 Jan 2007 17:36:28 EST." <20070122223627.GA26366@thunk.org>
Sender: owner-sage-members@usenix.org


Theodore Tso writes:
 | 
 |                                             In another real world
 | example, the security office set some obnoxious password policy that
 | caused passwords to be impossible to remember, and then required
 | changing said obnoxious passwords every 30 days.  But this was at a
 | company where the traders were making bazillions of dollars every day,
 | and rule #1 was "thou should not piss off the traders, for they make
 | your company rich and can go find a job with the competition".  So the
 | company hired a set of runners who were given the traders' passwords,
 | and every morning before the traders came in, the runners would run
 | around to all of the trading workstations and log in the traders so
 | they wouldn't have to. 
 | 


for the record, I can corroborate the above

--dan

References:
- Re: Re[2]: [SAGE] The danger of SSH keys..
  - From: Theodore Tso <tytso@mit.edu>

Prev by Date: Re: Bugging devices Re: Other ethical questions (was: Re: [SAGE]Ethical question - to disclose or not to disclose)
Next by Date: Re: Re[2]: [SAGE] The danger of SSH keys..
Prev by thread: Re: Re[2]: [SAGE] The danger of SSH keys..
Next by thread: Re: [SAGE] The danger of SSH keys..
Index(es):
- Date
- Thread