Slashdot Mirror


UC Berkeley Cleaning up its Security Act

Bob Brown writes "UC Berkeley recently issued a scathing self-assessment of its IT department, which has been under fire in the wake of a couple of high-profile security lapses at the school. NetworkWorld has a review of what the school's top networking guy says is being done to both secure and strengthen UC Berkeley's computer networks."

2 of 79 comments

  1. Re:Faulty Password Protection by LilGuy · Score: 4, Insightful

    You know, having so many rules might narrow down the crack time as well, if you know what they are. Obviously if you can get a huge dictionary, you won't need to try any combination of characters with a word in it. You won't need anything less than 8 characters, and you'll have to try at least one capital letter and a number, but most people will probably use two. People tend to like symmetry even in their passwords because it makes it easier to remember one half of something and then just spit it out again backwards. The non-alphanumeric character is kinda the stickler though. My best guess is that it will either be in the middle of the password or at the very end... probably by someone getting frustrated on their 10th attempt to set the password and finally figuring out what a non-alphanumeric key is.

    But I'm not saying it's not a good idea. I just wanted to point out that the more rules you have to make your passwords secure, the less secure they may become.

    --

    You're nothing; like me.
  2. Sensitive stuff on laptops by Lewisham · Score: 2, Insightful

    The article, sadly, doesn't push on finding out why people were carrying around laptops full of sensitive information.

    Why did they need it? "Oh, I'll just download an Excel file of every student's personal details so I can make that PowerPoint presentation I want!" Why weren't they using some method of protecting the students' data at all? If I had access to data like that, I would only expect to get it on-demand from a server across a secure VPN with a tough password (SecurID perhaps).

    I don't understand why you would want such information downloaded unless you were going to do something malicious. Could someone explain to me why these people were just walking out the doors with entire databases in their rucksacks?
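
The first comment's point about composition rules shrinking the guessing space can be quantified from a policy designer's side. The following is an added example, not part of either comment or of the article: it counts, by inclusion-exclusion, how many 8-character passwords survive the rules the comment lists, and how many remain if the single symbol always lands in a predictable spot. The 95-character alphabet, the class sizes and the "middle or end" positions are assumptions, since the page does not give the actual policy.

```python
import math
from itertools import combinations

# Assumed character classes (printable ASCII). The page does not state the
# real policy's alphabet, so these sizes are an assumption for illustration.
CLASSES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}
REQUIRED = ("upper", "digit", "symbol")

def count_passwords(length, classes=CLASSES, required=()):
    """Count strings of `length` that use every class in `required` at least
    once, by inclusion-exclusion over the classes that could be missing."""
    alphabet = sum(classes.values())
    total = 0
    for k in range(len(required) + 1):
        for missing in combinations(required, k):
            remaining = alphabet - sum(classes[c] for c in missing)
            total += (-1) ** k * remaining ** length
    return total

def count_one_symbol_at(length, positions, classes=CLASSES):
    """Count compliant passwords whose only symbol sits at one of `positions`
    (the predictable placement the comment guesses at)."""
    alnum = {c: n for c, n in classes.items() if c != "symbol"}
    rest = count_passwords(length - 1, alnum, required=("upper", "digit"))
    return len(set(positions)) * classes["symbol"] * rest

def report(length=8):
    """Return the size of each space in bits for a fixed password length."""
    unrestricted = count_passwords(length)
    compliant = count_passwords(length, required=REQUIRED)
    # Constructed habit model: one symbol, in the middle or at the very end.
    habit = count_one_symbol_at(length, (length // 2, length - 1))
    return {
        "unrestricted_bits": math.log2(unrestricted),
        "compliant_bits": math.log2(compliant),
        "predictable_symbol_bits": math.log2(habit),
        "compliant_fraction": compliant / unrestricted,
    }

if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value:.3f}")
```

Under these assumptions the rules by themselves cost about one bit at length 8, while predictable symbol placement costs several more, which is an argument for favouring length over composition rules when writing a policy.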