There is no patch….

for human stupidity. This article from SFGate proves it.

More than one-third of Internal Revenue Service employees and managers who were contacted by Treasury Department inspectors posing as computer technicians provided their computer login and changed their password, a government report said Wednesday.

You would think the government would put out some kind of memo telling people to never give out their passwords or let someone talk them into changing their password to one chosen for them. How could they even justify dropping the ball? “Well, he said he worked for the IT department. I know it was over the phone but his voice sounded so techy that I believed him.”

Want to know what the worst part was?

“We were able to convince 35 managers and employees to provide us their username and change their password,” the report said.

That was a 50 percent improvement when compared with a similar test in 2001, when 71 employees cooperated and changed their passwords.

Let’s think about this for a minute. If this kind of test has been done before, and so many failed, they should have some kind of training to stop this from happening. This is a major security issue and it seems that the weakest link, human stupidity, is not being addressed. Maybe, just maybe, this is a wake-up call and something will be done about it. Failing once isn’t too bad because you can fix the issue, but failing twice is inexcusable.

Where are the network admins/managers? Why are they not following up on this kind of thing in an effort to secure their network? Time for another security audit and lots of “Do this but don’t do that” memos.

I’m not conceited, I’m just better than you. -Author Unknown

17.Mar.05 Government, Moron

They weren’t majoring in ethics

Harvard University has rejected the applications of 119 people because they were found to have hacked into the school’s admission web site. The site is used by many universities, and other schools are investigating to see if any of their applicants did the same thing.

The students, or rather “student hopefuls”, used the exploit found by a hacker in order to gain access to the site and see if their application had been accepted.

Until yesterday, Harvard, which had branded the hacking as unethical from the start, stopped short of explicitly saying the hackers’ applications would be rejected. Other victims, such as MIT’s Sloan School of Management, Stanford’s Graduate School of Business, Duke’s Fuqua School of Business, and Dartmouth’s Tuck School of Business similarly said they frown upon the hacking and are investigating, but have not said they will reject applications.

I applaud Harvard’s decision. A strong stance is needed in order to show other prospective students that unethical tactics will not be tolerated and have severe penalties. It wouldn’t have killed these people to wait and see if their application was approved. That’s why you apply to several colleges/universities and hope that at least one accepts you.

08.Mar.05 Moron

Why? Bunch of sheep.

Some people are so pathetic, wanting to emulate a celebrity. It looks like the news about Paris Hilton’s T-Mobile account getting hacked actually increased demand for the service! According to TechNewsWorld:

T-Mobile stores in New York are selling out of Sidekicks (a handheld device that stores information online) despite or, more likely, because of the fact that celebrity phone numbers and naughty pictures were stolen off one belonging to bad-girl heiress Paris Hilton.

Maybe Microsoft should increase the number of security holes in Windows, let the computer of someone like Paris get hacked, and then Windows will take 100% of the desktop market. That’s what always drives me to purchase a piece of technology.

Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

-Rich Cook

03.Mar.05 General, Moron

Was Paris’ T-Mobile account “hacked”?

That’s a tough decision. Her account was accessed because she used the secret question “What is your favorite pet’s name?”. I can’t believe she really thought no one would be able to figure that out. Wait, this is Paris Hilton so I guess I can believe it. Maybe if she had read the SANS Top 20 Vulnerabilities report she would have seen that weak passwords are a no-no. Is knowing the possible answer to a security question really hacking?

I think websites should get rid of the password hint system. That, or have some way of creating secure passwords for their users. WinGuides.com offers a password generator on their website. You can also download/try Password Safe to not only create secure passwords but to also securely store them for future reference (for those of you with a bad memory).
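One way a site could replace the secret question with a generated secret, as an added example that is not from the original post or from any of the tools named above: the server issues a random recovery code, stores only a salted hash of it, and checks submissions in constant time. The function names, the alphabet, and the 1,000-name pet pool used for comparison are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import secrets

# Assumed alphabet: no 0/O or 1/I/L, so a code can be read aloud or retyped.
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor


def new_recovery_code(groups=4, group_len=5):
    """Return a random code of `groups` dash-separated blocks from the OS CSPRNG."""
    return "-".join(
        "".join(secrets.choice(ALPHABET) for _ in range(group_len))
        for _ in range(groups)
    )


def entropy_bits(choices, length=1):
    """Guessing entropy of `length` independent picks from `choices` options."""
    return length * math.log2(choices)


def _normalize(code):
    # Accept the code with or without dashes/spaces and in either case.
    return code.replace("-", "").replace(" ", "").upper().encode()


def store(code):
    """Return (salt, digest): what the server keeps instead of the code itself."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", _normalize(code), salt, ITERATIONS)
    return salt, digest


def verify(candidate, salt, digest):
    """Constant-time comparison of a submitted code against the stored record."""
    probe = hashlib.pbkdf2_hmac("sha256", _normalize(candidate), salt, ITERATIONS)
    return hmac.compare_digest(probe, digest)


if __name__ == "__main__":
    code = new_recovery_code()
    salt, digest = store(code)
    print("issued code:", code)
    print("random code entropy: %.1f bits" % entropy_bits(len(ALPHABET), 20))
    # Constructed figure: assume an attacker tries 1,000 common pet names.
    print("pet-name answer entropy: %.1f bits" % entropy_bits(1000))
    print("correct code accepted:", verify(code, salt, digest))
    print("guessed pet name accepted:", verify("Fluffy", salt, digest))
```
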

You know, minimum security prison is no picnic. I had a client in there once. He said the trick is kick someone’s ass the first day, or become somebody’s bitch. Then everything will be alright.

23.Feb.05 Moron, Technology

Another hostage?

An Iraqi militant website claims to have a US soldier as a hostage. They are threatening to behead him if the US doesn’t pull out within 72 hours. Take a look at this Associated Press photo and let me know if you see anything wrong.

Hint: Kung fu grip

02.Feb.05 Humor, Moron