Comment Password/passphrase: both useless!! (Score 1) 233
Keyloggers!
2 minutes alone with an XP/2000/NT/3.1/DOS box in a conference room allows me time to add a software keylogger that will email me the longest passphrase you can type.
How?
1) boot (CD/Floppy/USB Key) to a freely available Linux distribution with a tool to reset the local admin password
2) install key logger as local administrator
2A) Wait for (sysadmin, manager, developer...)
3) read email logger sent with all the passwords
Or a hardware keylogger if I'm in a hurry or they have a Linux desktop.
Depressing!
Forget passXXXXXXX! Time for 2factor (with time dependency). Anything less and you're kidding yourself and lying to your CIO.
Cheers.
(If you can prevent this attack - Please post!)