
Comment: Change management gone wrong (Score 1) 294

by SirNAOF (#46782809) Attached to: Ask Slashdot: System Administrator Vs Change Advisory Board

This sounds like change management gone wrong.

The idea of change management is to ensure that changes are tracked, but this sounds like bureaucratic crap. Set up WSUS so you can track what patches are applied where, and then talk to the CAB to approve monthly (or whatever schedule) patches en masse. Otherwise you'll end up not patching, and that's an even worse result.

I don't mind change management when it's done with some amount of sanity.

Comment: Not an entirely new idea... (Score 3, Interesting) 140

by SirNAOF (#36180006) Attached to: Verifying Passwords By the Way They're Typed

I reviewed a company's offering a few years ago that was recording the relative timing between keystrokes when you entered a password. Any subsequent attempts had to match that relative pattern in order to be verified.

It failed miserably.

I had a demo with the company. They showed me a nice fake online banking login screen. They then told me the name and password and said "Go ahead and try to log in." I did so. And it let me right in. The woman giving the demo couldn't believe it. I took a screenshot and sent it to her as verification. Sure enough, their system did not stop me from logging in.

So she reset the password to something else, ran through a couple of calibration runs to make sure she could log in, and then again gave me the password. I once again logged in immediately.

Once more she changed the password, and again asked me to try it. I couldn't log in. So I tried a few more times, and on the third try I was once again staring at fake bank accounts.

I realized two things from this demo. First, it's easily breakable by a human with comparable typing skills to the victim when the password is known. Second, the only thing this (particular product) could defeat was an automated system attempting to login. ...I don't think that review ever got published...
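
A minimal model of relative-timing verification as the comment above describes it, added here as an illustration; it is not the reviewed product's code and not part of the original comment. The function names, the L1 distance, the 1.25 margin and all timing values are assumptions constructed for the example, which shows that a tolerance wide enough to accept the owner's own calibration runs also accepts a second typist with a similar rhythm, while evenly timed scripted entry is rejected.

```python
import statistics

def relative_profile(gaps):
    """Scale inter-key gaps (seconds) so they sum to 1: rhythm, not speed."""
    total = sum(gaps)
    return [g / total for g in gaps]

def enroll(calibration_runs):
    """Template = per-position mean of the calibration runs' relative profiles."""
    profiles = [relative_profile(r) for r in calibration_runs]
    return [statistics.mean(col) for col in zip(*profiles)]

def distance(template, gaps):
    """L1 distance between the template and one attempt's relative profile."""
    return sum(abs(t - p) for t, p in zip(template, relative_profile(gaps)))

def calibrated_threshold(template, calibration_runs, margin=1.25):
    """Loosest owner run times a margin (assumed policy) so the owner is not locked out."""
    return margin * max(distance(template, r) for r in calibration_runs)

def verify(template, gaps, threshold):
    """Accept the attempt when its rhythm is within the tolerance."""
    return distance(template, gaps) <= threshold

# Constructed sample data: gaps between the six keystrokes of one password.
OWNER_RUNS = [
    [0.12, 0.20, 0.10, 0.18, 0.10],
    [0.14, 0.18, 0.12, 0.16, 0.10],
    [0.10, 0.22, 0.10, 0.20, 0.08],
]
OTHER_TYPIST = [0.15, 0.22, 0.14, 0.20, 0.14]   # slower overall, similar rhythm
SCRIPTED = [0.05] * 5                            # machine-even key injection

TEMPLATE = enroll(OWNER_RUNS)
THRESHOLD = calibrated_threshold(TEMPLATE, OWNER_RUNS)

if __name__ == "__main__":
    for name, gaps in [("owner", OWNER_RUNS[1]), ("other typist", OTHER_TYPIST),
                       ("scripted", SCRIPTED)]:
        d = distance(TEMPLATE, gaps)
        print(f"{name:13s} distance={d:.3f} accepted={verify(TEMPLATE, gaps, THRESHOLD)}")
```

When evaluating a product of this kind, the figure to ask for is the false-accept rate against other human typists at the threshold that keeps the owner's false-reject rate usable, not only its rejection of automated entry.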
