Posted on 06/21/2005 8:59:47 PM PDT by HAL9000
" That seems to be the case. The CardSystems employees were negligent and incompetent in choosing to deploy Microsoft products in their data center."
I disagree.
I'm not a big fan of Microsoft, but it's not any worse than anything else.
What I do for a living is to fly around, visit my customers, break into their applications, systems, and networks, and systems. The operating system it's self is only a small part of the total attackable surface area.
My understanding is that they knew where the problems were for a long time, knew how to fix them, and just plain old didn't apply the patches or make the configuration changes that they knew needed to be made.
"What I do for a living is to fly around, visit my customers, break into their applications, systems, and networks, and systems. The operating system it's self is only a small part of the total attackable surface area."
Left out the part 'tell them what to fix to keep the bad guys out' :)
Okay...so if you don't write 'em down, how do you store the passwords for use? And don't tell me you remember dozens of randomly-generated passwords....
We'll have to disagree about whether Microsoft is the worst, but good luck to you white hat folks!
The reason I say that is because the OS is a tiny part of an enterprise security posture.
Then why did they have the business? In other words, they outsourced the work and had absolutely zero control over how the transactions were being processed and how the data for same were stored. This mishap is just the tip, tip, tip of the iceberg, just the tip.
Like I said in my previous message, I have a program that keeps track of all that stuff for me. I have a master passphrase that is used to unlock the datafile used for this program. My passphrase for this program is around 30 or so characters in length, with letters, numbers, and punctuation. You can think of it as one big lock to guard lots of little secrets. You'd be amazed at how fast you can type a phrase that you use regularly.
There are a number of programs that you can use for this, that will keep track of the website, username, password, and comments for any number of sites. One of the best for Windows users is Password Safe". On my Linux boxes, I use gpasman.
These programs will let you copy/paste passwords in such a way that you never actually see the password you are using. Pretty cool IMO.
NOTE: If you use one of these programs, DO NOT LOSE YOUR DATAFILE or the PASSPHRASE to unlock it or you are really screwed.
Still doesn't answer my question...how can these programs "handle" your passwords when they are as hackable as anything else?
NOTE: If you use one of these programs, DO NOT LOSE YOUR DATAFILE or the PASSPHRASE to unlock it or you are really screwed.
So...what do you do...WRITE IT DOWN???
I could send you a copy of my password database and it wouldn't do you any good at all. Now, if someone were to hack my system and install a keylogger, they could capture my passphrase and my data, but that is something that you can do nothing about. Sure, you run a hardware firewall, and don't open unneccesary ports, and check for trojans and the like, but someone could come up with a zero-day exploit that allows them to root your box and you are toast no matter what you do.
The most important thing IMO is to backup as often as you can, and be as careful as is reasonable. Don't log in as root or a user with "administrator" privileges. And never ever use IE to browse the internet. Windows users have a lot more stuff they need to have a box be reasonably safe like an additional software firewall, virus scanners and stuff.
My advise, if you're concerned about safety and security is to use Linux or get a MAC. You can never be completely safe and secure, but nothing else is either, so why should computers be any different?
Many people actually do suggest that you write it down and put it in your wallet. Personally, I wouldn't do that. It's an important bit of information. Think about it and come up with something that is both memorable to you, and as hard as possible for someone else to guess. Wait a couple of days. If you can still remember it, use it. If not, come up with something else. Once you've got a good key, you can start using it. :-)
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.