Keyloggers!
2 minutes alone with an XP/2000/NT/3.1/DOS box in a conference room allows me time to add a software keylogger that will email me the longest passphrase you can type.
How?
1) boot (CD/Floppy/USB key) to a freely available Linux distribution with a tool to reset the local admin password
2) install the key logger as local administrator
2A) Wait for (sysadmin, manager, developer...)
3) read the email the logger sent with all the passwords
Or a hardware keylogger if I'm in a hurry or they have a Linux desktop.
Depressing!
Forget passXXXXXXX! Time for 2-factor (with time dependency). Anything less and you're kidding yourself and lying to your CIO.
Cheers.
(If you can prevent this attack - Please post!)
A question for the more attuned: What if (and I'm not saying it is true, but this should be checked into) it were the case that, where hash collisions do occur, the original plaintext messages are necessarily of different lengths? That is, even though they result in the same hashes, they are different lengths. Couldn't a method taking advantage of that knowledge make it possible to identify the "true" original plaintext? Am I at least potentially right? Or should I just go back to reading my Archie comic book?
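As an added illustration of the question above (this is editor-supplied example code, not part of the original comment): a hash with a fixed-length output maps more equal-length inputs than it has outputs, so by the pigeonhole argument some collisions must occur between messages of the same length, and a birthday search among fixed-length inputs will find one. The code truncates SHA-256 to a small number of bits purely so the search finishes quickly; the function names, the 20-bit truncation and the 8-byte message length are all assumptions made for the example.

```python
import hashlib
import itertools

def short_hash(msg: bytes, bits: int = 20) -> int:
    """Truncated SHA-256, standing in for any fixed-output-length hash.
    The truncation (assumed 20 bits) only makes the search fast; the
    pigeonhole argument does not depend on the width."""
    digest = hashlib.sha256(msg).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)

def same_length_collision_guaranteed(length_bytes: int, bits: int = 20) -> bool:
    """Pigeonhole check: there are 256**length_bytes distinct messages of
    exactly length_bytes bytes but only 2**bits possible hash values, so
    if the former exceeds the latter, two messages of that one length
    must collide."""
    return 256 ** length_bytes > 2 ** bits

def find_same_length_collision(length_bytes: int = 8, bits: int = 20):
    """Birthday search over messages that are all exactly length_bytes
    long; returns the first two distinct ones that share a hash value."""
    seen = {}
    for counter in itertools.count():
        # Each counter value gives a different message of the fixed length
        # (constructed input, not real data).
        msg = counter.to_bytes(length_bytes, "big")
        h = short_hash(msg, bits)
        if h in seen and seen[h] != msg:
            return seen[h], msg
        seen[h] = msg

if __name__ == "__main__":
    m1, m2 = find_same_length_collision()
    print(len(m1), len(m2), m1.hex(), m2.hex(), hex(short_hash(m1)))
```

Because the search only ever hashes messages of one fixed length, the collision it returns is necessarily between two equal-length inputs; length alone therefore cannot single out the "true" preimage.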
21 CFR 11 is relevant to systems used for documenting drug development, but really does represent good practices for any software. However, there is actually no such specific standard for general health care. HIPAA Privacy, and soon, HIPAA Security, cop out to vaguely defined, non-specific quasi-standards that give way too much wiggle room. They took the teeth even out of electronic signatures in the final version. Write your software, sell it for millions, don't worry: the EULA promises nothing to the customer, anyway. FOSS at least delivers more than its cost!
Well, um, actually I gave her Knoppix.
(Knoppix is a no-installation-needed version of Linux for all you poor MS-afflicted hermits... live CD, no hard disk space really needed... and free, of course!)
With a cable modem in place, allowing DHCP, web-based email, she's set. One session (well, a few) showing her how to start her browser. OpenOffice is there, but all she really does is email anyway.
Power down at night, and every morning is a clean new machine. I even left her a spare CD.
No muss, no fuss!