Comments on: Sometimes I Just Shake My Head – Security Problem http://www.made2mentor.com/2009/04/sometimes-i-just-shake-my-head-security-problem/ Data Warehousing, Microsoft Business Intelligence, and Other Cool Stuff Thu, 09 Feb 2012 07:33:56 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Fred Crawford http://www.made2mentor.com/2009/04/sometimes-i-just-shake-my-head-security-problem/comment-page-1/#comment-3210 Fred Crawford Thu, 25 Jun 2009 21:12:09 +0000 http://www.made2mentor.com/?p=1569#comment-3210 I was helping a friend setup their new home PC the other day, and I wanted them to log into "com.cast" (their internet service provider) and change their password. We were having trouble getting their emails, and I wanted to verify that they had the correct password, and second, I figured it might be a good time to have them change their password. I was connected to them remotely, so I could see their screen. When they were on the screen where they had to type their old and new password, I told them I wouldn't look. They said no problem, it is asterisking out the letters as they type. So, I looked. As was good until them clicked the accept button, and then com.cast displayed a verification screen actually showing their old and new password (not asterisking them out). I couldn't believe it. Fred I was helping a friend setup their new home PC the other day, and I wanted them to log into “com.cast” (their internet service provider) and change their password. We were having trouble getting their emails, and I wanted to verify that they had the correct password, and second, I figured it might be a good time to have them change their password. I was connected to them remotely, so I could see their screen. When they were on the screen where they had to type their old and new password, I told them I wouldn’t look. They said no problem, it is asterisking out the letters as they type. So, I looked. As was good until them clicked the accept button, and then com.cast displayed a verification screen actually showing their old and new password (not asterisking them out). I couldn’t believe it.

Fred

]]> By: Brent Ozar http://www.made2mentor.com/2009/04/sometimes-i-just-shake-my-head-security-problem/comment-page-1/#comment-1599 Brent Ozar Sat, 25 Apr 2009 13:17:46 +0000 http://www.made2mentor.com/?p=1569#comment-1599 Actually, people don't even need to hack your email. All they have to do is sniff mail traffic anywhere between your home computer and Simple-Talk's mail server. It's relatively easy to find points where mail traffic is sent across the wire unencrypted (especially for people who use POP mail clients) and presto, they overhear your password as it comes through via the email content. Actually, people don’t even need to hack your email. All they have to do is sniff mail traffic anywhere between your home computer and Simple-Talk’s mail server. It’s relatively easy to find points where mail traffic is sent across the wire unencrypted (especially for people who use POP mail clients) and presto, they overhear your password as it comes through via the email content.

]]> By: Psynister http://www.made2mentor.com/2009/04/sometimes-i-just-shake-my-head-security-problem/comment-page-1/#comment-1536 Psynister Thu, 23 Apr 2009 18:06:10 +0000 http://www.made2mentor.com/?p=1569#comment-1536 I could not even begin to list the various sites I have seen that do the same thing. Typically I find them on social sites that have to do with blogs, forums, or some of ther form of site sharing ideas and information. I have various levels of passwords that I use. If the site has no information I would want confidential or does not have anything to do with anything important, then I use my generic username and password. Typically the passwords on these are simple character strings, primarily text with numeric and special characters only when required. For sites related to my income I use a different username and password. And sites related to expendatures, such as my bills, have yet another username and password. These always include alphanumeric and special characters. So I have varying degrees of UN/PW that I use depending on the purpose for which they are used. Basically I treat my own information like I would the users in one of my databases. My sites are my own database, and I have different levels of access required for different bits of information. I could not even begin to list the various sites I have seen that do the same thing.

Typically I find them on social sites that have to do with blogs, forums, or some of ther form of site sharing ideas and information.

I have various levels of passwords that I use. If the site has no information I would want confidential or does not have anything to do with anything important, then I use my generic username and password. Typically the passwords on these are simple character strings, primarily text with numeric and special characters only when required.

For sites related to my income I use a different username and password. And sites related to expendatures, such as my bills, have yet another username and password. These always include alphanumeric and special characters.

So I have varying degrees of UN/PW that I use depending on the purpose for which they are used. Basically I treat my own information like I would the users in one of my databases. My sites are my own database, and I have different levels of access required for different bits of information.

]]>