Comments on: Entering a Password Multiple Times for Security http://www.intelliot.com/blog/archives/2004/06/20/entering-a-password-multiple-times-for-security/ Thoughts, opinions and fascinating discoveries by Elliot, a student at USC Sat, 06 Sep 2008 16:23:56 +0000 http://wordpress.org/?v=2.6.1 By: SysAdmin http://www.intelliot.com/blog/archives/2004/06/20/entering-a-password-multiple-times-for-security/#comment-14893 SysAdmin Mon, 05 Sep 2005 08:41:11 +0000 http://www.intelliot.com/blog/archives/2004/06/20/entering-a-password-multiple-times-for-security/#comment-14893 The real urls: <a href="http://www.securityfocus.com" rel="nofollow">Security Focus - It security news</a> <a href="http://www.securitynewsportal.com" rel="nofollow">Security News Portal</a> The real urls:
Security Focus - It security news

Security News Portal

]]> By: SysAdmin http://www.intelliot.com/blog/archives/2004/06/20/entering-a-password-multiple-times-for-security/#comment-14892 SysAdmin Mon, 05 Sep 2005 08:40:02 +0000 http://www.intelliot.com/blog/archives/2004/06/20/entering-a-password-multiple-times-for-security/#comment-14892 HP warns over OpenView flaw John Leyden, The Register 2005-08-31 Enterprise users are been urged to apply workarounds following the discovery of a potentially troublesome vulnerability involving a component of HP's widely used network management suite, HP OpenView. A security bug in Network Node Manager opens the door to possible hacker attack, according to work by security researchers at Portcullis Computer Security and NGS Software. Network Node Manager (NNM) allows networks managers to monitor and control the operation of network devices. The flaw creates a means for hackers to execute potentially malicious shell commands by exploiting inadequate input checks involving scripts (e.g. cgi-bin/connectedNodes.ovpl) used by various versions of NNM. The vulnerability affects versions 6.2, 6.4, 7.01, and 7.50 of OpenView NNM running on HP-UX, Solaris, Windows NT, Windows 2000, Windows XP and Linux systems. Find more on It security on... <a href="http://www.torrentvalley.com/latest/News/Latest-IT-Technology-News/IT-Security/" rel="nofollow">It security news from 120 sources</a> <a href="http://www.www.securityfocus.com" rel="nofollow">Security Focus - It security news</a> <a href="www.securitynewsportal.com" rel="nofollow">Security News Portal</a> HP warns over OpenView flaw
John Leyden, The Register 2005-08-31

Enterprise users are been urged to apply workarounds following the discovery of a potentially troublesome vulnerability involving a component of HP’s widely used network management suite, HP OpenView. A security bug in Network Node Manager opens the door to possible hacker attack, according to work by security researchers at Portcullis Computer Security and NGS Software.

Network Node Manager (NNM) allows networks managers to monitor and control the operation of network devices. The flaw creates a means for hackers to execute potentially malicious shell commands by exploiting inadequate input checks involving scripts (e.g. cgi-bin/connectedNodes.ovpl) used by various versions of NNM. The vulnerability affects versions 6.2, 6.4, 7.01, and 7.50 of OpenView NNM running on HP-UX, Solaris, Windows NT, Windows 2000, Windows XP and Linux systems.

Find more on It security on…

It security news from 120 sources

Security Focus - It security news

Security News Portal

]]> By: Anonymous http://www.intelliot.com/blog/archives/2004/06/20/entering-a-password-multiple-times-for-security/#comment-13249 Anonymous Tue, 28 Jun 2005 13:50:03 +0000 http://www.intelliot.com/blog/archives/2004/06/20/entering-a-password-multiple-times-for-security/#comment-13249 Interesting concept, but the reason brute force is working now a days is because of computing power. This concept is already applied in a lot of software but the other way around. You have only a limited number of attempts before locked out, this renders brute force obsolete... for now I think the best option is to create a secure password. <a href="http://blog.logtar.com/?p=465" title="Password Security" rel="nofollow"></a> Interesting concept, but the reason brute force is working now a days is because of computing power. This concept is already applied in a lot of software but the other way around. You have only a limited number of attempts before locked out, this renders brute force obsolete… for now I think the best option is to create a secure password.

]]> By: Anonymous http://www.intelliot.com/blog/archives/2004/06/20/entering-a-password-multiple-times-for-security/#comment-13003 Anonymous Sat, 25 Jun 2005 18:19:56 +0000 http://www.intelliot.com/blog/archives/2004/06/20/entering-a-password-multiple-times-for-security/#comment-13003 i have a password hacked so plz give me my password i have a need it i hope u give me this id password i have a password hacked so plz give me my password i have a need it i hope u give me this id password

]]> By: William http://www.intelliot.com/blog/archives/2004/06/20/entering-a-password-multiple-times-for-security/#comment-101 William Wed, 23 Jun 2004 06:38:30 +0000 http://www.intelliot.com/blog/archives/2004/06/20/entering-a-password-multiple-times-for-security/#comment-101 That's a great idea for people who are used to technology. My problem with it is that it doesn't work for others who don't use computers as much. I can't imagine telling my parents that they're entering the right password when the computer is telling them "Invalid Password". Of course, if someone is going to use an automated script to break the password, we can simply replace the phrase "Invalid Password" with something like "Please re-enter your password." That’s a great idea for people who are used to technology. My problem with it is that it doesn’t work for others who don’t use computers as much. I can’t imagine telling my parents that they’re entering the right password when the computer is telling them “Invalid Password”. Of course, if someone is going to use an automated script to break the password, we can simply replace the phrase “Invalid Password” with something like “Please re-enter your password.”

]]> By: Jesse http://www.intelliot.com/blog/archives/2004/06/20/entering-a-password-multiple-times-for-security/#comment-100 Jesse Tue, 22 Jun 2004 13:04:28 +0000 http://www.intelliot.com/blog/archives/2004/06/20/entering-a-password-multiple-times-for-security/#comment-100 Wow... that is one of the best ideas for security that I've heard in a long time. The only problem I see with it is that many people will get annoyed with the 3 password thing. I would use it. I'm sure many companies would use it. But I'm sure the basic idea has been thought of before. Imagine if someone could actually crack all 3 passwords. I mean, unless someone is a big enough tool to use the same one 2 or 3 times, it would be virtually impossible to crack three, six character long, alphanumeric passwords. There are infinite combinations (not really, but i'm too lazy to find the real number). But anyways, the idea is great... try telling someone about it, you could be rich (or not, someone might just steal the idea :P) Wow… that is one of the best ideas for security that I’ve heard in a long time. The only problem I see with it is that many people will get annoyed with the 3 password thing. I would use it. I’m sure many companies would use it. But I’m sure the basic idea has been thought of before. Imagine if someone could actually crack all 3 passwords. I mean, unless someone is a big enough tool to use the same one 2 or 3 times, it would be virtually impossible to crack three, six character long, alphanumeric passwords. There are infinite combinations (not really, but i’m too lazy to find the real number).

But anyways, the idea is great… try telling someone about it, you could be rich (or not, someone might just steal the idea :P)

]]>