-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 El 2014-08-12 a las 22:05 -0400, Anton Aylward escribió:
On 08/12/2014 09:23 PM, Carlos E. R. wrote:
I know some people that use the exact same 4 digit "password" on all the places, from credit card pin to google.
In one sense I can't say I blame them.
I would at least use a different password for important sites, and another for non-important, non-money-involved sites. The danger here is that if some bad guy gets the password list of a site with low security, he inmediately will try those same passwords and matching users lists on other sites, important sites like say, banks, and get access on a percent of users, because they know of this "one password for all" practice. And they hit gold, of course.
You've recounted a good example of the ISP/database people being idiots. I too have encountered a site just recently that allowed ':' but not ';' and didn't say anything when I entered a password with a ';'. Not until I pressed 'submit', and then it said 'passwords don't match'. Which wasn't the error.
Yes, about the same thing that happened to me.
they had bought. No-one had actually RTFM.
Provided the FM does say about this...
While they pressured me into using some other password I did so only on condition they sent up a bug report to the vendor. The original developers had long since left the vendor's employ and this baffled them for about a week.
That's another issue. They hire some one to do the developping, but then don't keep at least some of the same people to do the maintenance. And often they pay ridicuously low wages, so they get what they paid for.
I happened across that cartoon and wondered, so I sent a copy to the ISP support and they sent it to vendor support. At first vendor support, so I'm told, dismissed it as "That can't possibly be what's wrong". The someone did test it and LO!
LOL :-) I must do that sometime. I would need a translated cartoon, though ;-)
Given figures like that its no wonder hackers steal millions of account entries.
Sigh. - -- Cheers Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlPsdf4ACgkQja8UbcUWM1y/rgEAgJNRhYYoV1jnibCwIpnubVi4 rOzebDWAVi4IxKRgpQwA/3fbb2xnDfFacaigQUEJcSBmLXOZk9pT6kaEapRuOaNV =0AXu -----END PGP SIGNATURE-----