Remember Soft Security.
The biggest defense Wikipedia has is its undamageability and the
goodwill of the vast majority of the contributors. Remember that when
we have discussions about security.
On 5/7/07, Steve Summit <scs(a)eskimo.com> wrote:
Gregory Maxwell wrote:
Most people given those restrictions type out
letter patterns on the
keyboard. Cracking programs like john the ripper have rules systems
which predict such patterns with frightening accuracy.
But those predictions are only useful if the attacker has
unlimited login attempts. If we're taking the step of asking
users (and admins) to pick stronger passwords, we should
absolutely at the same time be taking steps in software to
detect repeated login failures and (a) lock out the account,
(b) slow way down, and/or (c) notify the (real) user.
_______________________________________________
WikiEN-l mailing list
WikiEN-l(a)lists.wikimedia.org
To unsubscribe from this mailing list, visit:
http://lists.wikimedia.org/mailman/listinfo/wikien-l