Re: CRIME EarthLink Password Security Story

From: Seth Arnold (sarnold@private)
Date: Tue Jun 18 2002 - 11:40:47 PDT

  • Next message: Crispin Cowan: "Re: CRIME EarthLink Password Security Story"

    On Tue, Jun 18, 2002 at 09:57:03AM -0700, Myers, Mike wrote:
    > The tech (AT&T contractor) who set up a cable modem for me graciously
    > selected "password" as my initial password.
    
    Mike, you should have told them you were running Linux.. they were more
    than happy to let me do everything on my own once they figured out they
    weren't going to touch my machines. :)
    
    > -----Original Message-----
    > From: MAGEE Rob [mailto:Rob.Magee@ODE-EX1.ODE.STATE.OR.US]
    > 
    > The same policy is in force at ATTBI's support group.
    > Two days ago I was asked for my password.
    
    It is possible for them to not have plaintext access to your password
    and still use this authentication method -- the tech could type it into
    a text box somewhere and get a "YES/NO" response back. (Not likely, I
    fully expect them to have plaintext passwords available, but the
    possibility exists for them to Do It Correctly. :)
    
    -- 
    http://www.wirex.com/
    
    
    



    This archive was generated by hypermail 2b30 : Tue Jun 18 2002 - 12:49:03 PDT