UDP Broadcaster
Group: General Forum Members
Last Login: Wednesday, April 17, 2013 10:57 PM
Points: 1,491,
Visits: 3,008
I moved from mainframe work into PCs in the late 80s, developing on OS/2. When Microsoft divorced IBM and re-named their version of that OS "NT", I was convinced that the big blue product would be recognized as superior and would be the end of MS dominance. I even bought into the Microsoft bashing (I hate to admit), referring to "win-doze". By the end of the 90s, I'd clipped and hung on our fridge a Nicole Hollander "Sylvia" cartoon that summed up my experience and new attitude (it's dated 8/12/98). I hope I'm not pushing copyright law too far by quoting it.
She introduces her character as 'the woman who worries about everything, doesn't have a computer, cell phone or smart card because she knows what's new today will be obsolete tomorrow.' Then the character, sitting at a desk lit by a hurricane lamp, muses 'You'll notice that no one's bidding on old computers at Sotheby's. You can't give them away. No, they molder down in the basement... along with that Beta VCR you thought you were so clever buying because it was better than VHS and cheaper.'
SSCrazy
Group: General Forum Members
Last Login: 2 days ago @ 8:46 AM
Points: 2,750,
Visits: 1,410
I think I've learnt that even the well informed and smart people only have a vague clue about what the future will hold.
Even the guys who guess right are only shown to be right in retrospect. Things can change in the blink of an eye and everything you thought was your comfort zone becomes a barren and rock strewn field.
The strange thing is that technology is like fashion. What was thought to be long dead comes back to life and is touted as the shiny, new and the next big thing!
SSCertifiable
Group: General Forum Members
Last Login: Yesterday @ 11:54 AM
Points: 7,112,
Visits: 7,188
Jim P. (3/15/2013)
Have you ever seen the XKCD view?
Yes, so I'll never use correct horse battery stable as a password now - everybody and his dog knows it.
Setting the screensaver to 10 minutes (which can be a conversation time with a coworker) by group policy and a lockout policy is about ridiculous.
I agree, doing settings by group policy that need to be under individual control is always ridiculous. Sometimes for privileged logins 10 minutes is much too long, unless you put a "lock now" button in the systray and use it whenever you leave the desk; for other logins it can be too short.
Tom. An open mouth often catches a closed fist.
SSC-Addicted
Group: General Forum Members
Last Login: 2 days ago @ 7:04 PM
Points: 443,
Visits: 496
SSCertifiable
Group: General Forum Members
Last Login: Yesterday @ 11:54 AM
Points: 7,112,
Visits: 7,188
Jim P. (3/16/2013)
How about autos world needs gas. Four simple words is still much harder to crack.
I think the XKCD cartoon actually underestimates the entropy of four common words. Let's call that 11 bits per word - I suspect that most people intelligent enough to be able to type a password have an active vocabulary quite a lot bigger than 2000 words. Even so, I have a large number of different passwords, and I'm not going to remember them all, so I need a password safe or dictionary and I want that to be locked by something with a lot more than 44 bits, and even for some of the passwords themselves I want nearly twice that. So I use quite long passphrases - much more than 4 words - and make sure they are something I already know (i.e. quoting something that's already there) and not something I might forget. That's one of my beliefs that has changed: I used to think it sensible to introduce the odd error into the phrase, but soon experience taught me that this increased the chances of forgetting it by a large factor - years ago I lost my PGP keys that way (and of course couldn't revoke them) - so now I believe it's better to keep the original phrase without perturbation - the perturbation has only negligible effect on the probability of the phrase being found by guessing. Within the safe or dictionary the original passwords can of course have much less entropy - I don't think I have any need for more than 80 bits for any of the individual passwords (except for ones that are protecting the private keys of public key encryption pairs), and most things could have much less entropy than that.
We just had the financial user from a nursing home call in and say that the clinical users had given her their user names and passwords in case she needed to add a diagnosis to make the claims work. WTF?
Not crazy, or at least not exceptionally so, just ordinary people doing what ordinary people do.
Tom. An open mouth often catches a closed fist.
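As an added illustration of the entropy arithmetic in the post above (example code written for this page, not code from the thread), the following Python computes passphrase entropy for a given dictionary size and word count, the number of words needed to reach a target such as 80 bits, and compares the gain from one deliberate perturbation of the phrase against simply adding another word. The 2000-word dictionary, the 104 perturbation variants and the guess rate are constructed assumptions.

```python
import math


def passphrase_entropy_bits(dictionary_size: int, word_count: int) -> float:
    """Entropy (bits) of word_count words chosen uniformly at random from a
    dictionary of dictionary_size words: log2 of the number of possible phrases."""
    if dictionary_size < 2 or word_count < 1:
        raise ValueError("need at least 2 dictionary words and 1 phrase word")
    return word_count * math.log2(dictionary_size)


def words_needed(target_bits: float, dictionary_size: int) -> int:
    """Smallest word count whose entropy meets or exceeds target_bits."""
    return math.ceil(target_bits / math.log2(dictionary_size))


def perturbation_gain_bits(variant_count: int) -> float:
    """Extra bits gained by choosing one of variant_count ways to alter the phrase
    (for example one typo at one position), assuming the guesser tries them all."""
    return math.log2(variant_count)


def expected_guess_time_seconds(bits: float, guesses_per_second: float) -> float:
    """Average time to hit the phrase by exhaustive guessing: half the space."""
    return (2.0 ** bits) / 2.0 / guesses_per_second


if __name__ == "__main__":
    dict_size = 2000          # constructed: the post's "bigger than 2000 words" lower bound
    four_words = passphrase_entropy_bits(dict_size, 4)
    print(f"4 words from {dict_size}: {four_words:.1f} bits")          # about 43.9 bits
    print(f"words for 80 bits: {words_needed(80, dict_size)}")          # 8 words
    # One typo: constructed as 4 candidate positions x 26 letters = 104 variants.
    typo_bits = perturbation_gain_bits(104)
    one_more_word = passphrase_entropy_bits(dict_size, 1)
    print(f"one typo adds {typo_bits:.1f} bits; one more word adds {one_more_word:.1f} bits")
    # Constructed offline guess rate of 1e9/s for the 44-bit case.
    hours = expected_guess_time_seconds(44, 1e9) / 3600
    print(f"44 bits at 1e9 guesses/s: about {hours:.1f} hours on average")
```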
SSC Rookie
Group: General Forum Members
Last Login: Sunday, March 17, 2013 10:06 PM
Points: 28,
Visits: 86
Have you ever seen the XKCD view?
Yes, which leads to yet another problem, password staleness. You may have thought up the easiest to remember, hardest to crack password, but unless you change it often, then you are still in a world of problem attack vectors.
With this idea, your password (how you enter it) is changing slightly every time you access it. The system could get to know that you get tired mid-afternoon and have a slower typing speed or the first thing in the morning have a hard time getting the little finger over to that tricky "Q" key. Other times you like to enter the text "Mary had a little lamb" and highlight the "had" text.
That way it's not the data (user name & password) that really is authorised, it's your persona or you.
SSCertifiable
Group: General Forum Members
Last Login: Yesterday @ 11:54 AM
Points: 7,112,
Visits: 7,188
Scott Anderson #2 (3/17/2013)
Have you ever seen the XKCD view? Yes, which leads to yet another problem, password staleness. You may have thought up the easiest to remember, hardest to crack password, but unless you change it often, then you are still in a world of problem attack vectors.
This is one of the nastiest security myths that exists, and has done quite a lot of damage through having created systems which force people to change passwords frequently, thus ensuring that they can never remember them so they are always sitting there on a post-it note for everyone to see. Only someone completely incompetent at serious security believes in changing passwords often (unless they have a situation where compromise is unlikely to be detected within the period between changes).
The whole "frequent password changes" idea is total nonsense. Changing your password has no effect whatsoever on the chance of it being guessed, or being broken by brute force attack. The only effect it has is on the duration of a compromise - and since the typical time for a broken password to do all the damage it can is rather short, changing your password every rather long time stands very little (approximately zero) chance of reducing the damage - far smaller a chance than the risk that the consequences of changing (maybe communicating passwords, maybe time to learn passwords) will do rather a lot of damage.
If you change your password once a fortnight instead of once a year, you reduce the expected time that a broken password is valid if you don't notice it from six months to a week - so you gain some wonderful extra protection provided it takes you more than a week to notice that someone is misusing your account. What a pitiful benefit that is!
Tom. An open mouth often catches a closed fist.
SSC Rookie
Group: General Forum Members
Last Login: Sunday, March 17, 2013 10:06 PM
Points: 28,
Visits: 86
Yes, which leads to yet another problem, password staleness. You may have thought up the easiest to remember, hardest to crack password, but unless you change it often, then you are still in a world of problem attack vectors.
This is one of the nastiest security myths that exists
Re-reading my comment, I didn't fully qualify my brief comment; oops, you are exactly right.
What I should have said was that people generally re-use passwords across systems, thereby opening themselves up to multiple attack vectors. If one of those systems is compromised then it's not hard to find others to try it with. Like with antivirus that only detects 99% of issues, all you need is to be unlucky enough to get that 1%, which makes that 99% not even matter. One can get in a habit of password re-use (or staleness) and suddenly find themselves in trouble. I agree, frequent password changes are never a good thing for the user. Yes, if your password cannot be worked out and the system containing it doesn't get hacked, you can safely use the same password and never need to change it, but does that really happen?
Only someone completely incompetent at serious security believes in changing passwords often (unless they have a situation where compromise is unlikely to be detected within the period between changes).
This one I don't agree with so much. How easy is it to detect a compromise? How do you know when others have your password? How many systems display the number of recent failed attempts (or even since the last successful login) or successful ones, and when they do, do you even take note? Until something destructive or unwanted happens, and especially if you are only a user and cannot access the logs, you wouldn't know what read-only activity has happened. No, a stale password is no benefit here.
Hall of Fame
Group: General Forum Members
Last Login: Yesterday @ 6:36 AM
Points: 3,541,
Visits: 1,135
Lynn Pettis (3/15/2013)
Okay, drop the religious debate. It will go where we really don't want it to go really fast.
Sorry. My facetious comment was not aimed at any religion but a jocular poke at TravisDBA, as he appears to enjoy the banter. My mistake (about the post, not TravisDBA having a sense of humour), sorry.
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
SSC Journeyman
Group: General Forum Members
Last Login: 2 days ago @ 1:31 PM
Points: 97,
Visits: 995
In the last 1-2 years, I have given up on religious wars in technology (this should not be taken in any way to have anything to do with real religion). Just part of the list from the last 20 years or so: Mainframe-PC, Windows-UNIX, DB2-IMS/IDMS, Sybase-Oracle-Informix-Ingres, SQL Server-Oracle, PC-MAC, iPhone/Pad-Android. I don't argue about it anymore. Each technology is good for something, and works better for some people. Life is too short, and nobody convinces the other side anyway. I think that my oldest son misses these arguments, at least WRT Apple products.