This reminds me of the stories I heard in my distributed computing class of how security experts who are hired to test firms' security rarely need to resort to any complicated hacking and can usually just convince an employee to give them a password. The most amusing example was of a security expert who took a financial firm's employees out for drinks and then got them bidding on who would sell their password for the least amount of money.
People who worry about the robustness of one or another encryption scheme always seem a bit silly to me. Sure, if you can build a tool that any schmuck with a computer can use to automatically crack an encryption scheme, that's a problem. But most often, when security is breached, it's some person's fault rather than the software's. Doesn't matter how secure passwords are if your employees write theirs on a damn post-it note next to their computer.