[somewhat OT] Re: [TriLUG] Linux Lab
Tom 'spot' Callaway
tcallawa at redhat.com
Mon Nov 4 21:03:17 EST 2002
On 4 Nov 2002, Elliot Peele wrote:
> Let me rephrase that....Use their SS# as their initial password and let
> them change it. NC State still uses SSNs as initial password for all
> incoming students, staff, and faculty.
It's a shoddy policy, unless they're forced to change password immediately.
SSNs are relatively trivial to come by, especially when they are used as
identifiers in a college environment where students work and live.
Once, while I was a student at NCSU, a friend asked me to go to the
records office to pick up some sorority paperwork for her, since she
wasn't done with her project (due that day), so I did. They never carded
me, or asked me who I was. I simply asked for the paperwork for the
sorority (no specifics, just like that), and they handed me a lengthy
printout. It contained the names, addresses, phone numbers, and SSNs of
all the people who had signed up to rush for that sorority.
100 freshmen SSNs may seem immaterial, but not if they are passwords.
Makes for a nasty ddos.
IMHO, a far better method would be to assign random passwords to users,
then give the passwords to them in person. It is by no means a foolproof
system, but it is a far less obvious one.
~spot
---
Tom "spot" Callaway <tcallawa(a)redhat*com> Red Hat Sales Engineer
Sair Linux and GNU Certified Administrator (LCA)
Red Hat Certified Engineer (RHCE)
GPG: D786 8B22 D9DB 1F8B 4AB7 448E 3C5E 99AD 9305 4260
The words and opinions reflected in this message do not necessarily
reflect those of my employer, Red Hat, and belong solely to me.
"Immature poets borrow, mature poets steal." --- T. S. Eliot
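
Added example, not part of the original message: one way to provision the random initial passwords suggested above, combined with the forced change at first login that the reply mentions. The function names, the 14-character length, the reduced alphabet and the username pattern are assumptions; `chpasswd` and `chage -d 0` are the standard Linux shadow-utils tools.

```python
import re
import secrets
import string

# Assumption: look-alike glyphs are dropped because the password is handed
# over on paper and typed by hand exactly once.
ALPHABET = "".join(c for c in string.ascii_letters + string.digits
                   if c not in "0O1lI")
# Assumption: conservative login-name pattern; it also keeps ':' and newlines
# out of the chpasswd input, where they would inject extra records.
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def initial_password(length=14):
    """One-time password from the OS CSPRNG, unrelated to any user attribute."""
    if length < 12:
        raise ValueError("initial password too short")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def provision(usernames, length=14):
    """Return (creds, chpasswd_input, chage_cmds) for a batch of new accounts.

    creds          -> {user: password}, for the slips handed out in person
    chpasswd_input -> 'user:password' lines to pipe into chpasswd(8)
    chage_cmds     -> argv lists; 'chage -d 0 USER' expires the password so
                      the first login forces a change
    """
    creds = {}
    for user in usernames:
        if not USERNAME_RE.fullmatch(user):
            raise ValueError(f"refusing unsafe username: {user!r}")
        if user in creds:
            raise ValueError(f"duplicate username: {user!r}")
        creds[user] = initial_password(length)
    chpasswd_input = "".join(f"{u}:{p}\n" for u, p in creds.items())
    chage_cmds = [["chage", "-d", "0", u] for u in creds]
    return creds, chpasswd_input, chage_cmds


if __name__ == "__main__":
    # Constructed sample accounts, not from the original message.
    creds, _, cmds = provision(["jdoe", "asmith"])
    for user, pw in creds.items():
        print(f"{user}\t{pw}")
    for argv in cmds:
        print(" ".join(argv))
```

With a 57-character alphabet, 14 characters give roughly 81 bits of entropy, and nothing in the password can be derived from a record such as an SSN.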