The Funny Pic Thread, Pt. 9

Status: Not open for further replies.

    Phase2

    JSYk6R0.jpg
     

    HoughMade

    :facepalm:

    Often the weakest point in information security lies between the seat and the keyboard.

    My son, who has a B.S. in Information Systems and is in the midst of testing for various certifications, was horrified when he learned that my response to having to update my password at work every 2 months was to write my password on a post-it and stick it to my monitor.
     

    snorko

    > My son, who has a B.S. in Information Systems and is in the midst of testing for various certifications, was horrified when he learned that my response to having to update my password at work every 2 months was to write my password on a post-it and stick it to my monitor.

    Perfectly reasonable as the likely threat is from some hacker in Belarus not your secretary sneaking in.
     

    HoughMade

    > Perfectly reasonable as the likely threat is from some hacker in Belarus not your secretary sneaking in.

    If my secretary or any staff member ends up being the threat...I'm in deep trouble.

    I have handed her my credit cards several times to make travel arrangements for me and I have confidential materials all over my desk all the time.
     

    rkwhyte2

    > My son, who has a B.S. in Information Systems and is in the midst of testing for various certifications, was horrified when he learned that my response to having to update my password at work every 2 months was to write my password on a post-it and stick it to my monitor.

    This is much more common than you might think. We had people that would just increment the last digit of their password by 1. This went on for years until the security team changed the rules for passwords.
     

    Phase2

    Bruce Schneier, who I'm sure your son is familiar with as an info security guru, has long recommended writing down long, complex passwords. You might want to consider a more secure location for the paper like your wallet, though. A newer, highly secure system is password manager software. There are several good ones out there that can help you maintain many complex passwords across multiple accounts and devices.

    He (and the NIST organization) also advocates against the password rotation system which leads to lower quality passwords so that they can be remembered.
     

    2A_Tom

    She knows where you buried the bodies.

    Be good to her. I know of a contractor that gave a credit card to his foreman. One day the foreman got mad at the boss and went out and charged about $6000 in furniture and a big TV. The credit card company told him he was responsible for the charges because he had given him the card.
     

    Alamo

    > Perfectly reasonable as the likely threat is from some hacker in Belarus not your secretary sneaking in.

    While still on active duty it was the rule to lock your screen when leaving your desk. One of our civilian programmers had major schizophrenia and paranoia, caused all kinds of problems and PO'd everyone around him, so when he walked away from his desk without locking his screen, one of the other guys snuck over and sent an email to their supervisor from schizo's account, asking the supervisor out for a date. When you have somebody whose paranoia needle is pegged and then you prove to him he has reason to be paranoid, his paranoia goes supernova. That was a lot of fun. :(
     

    2A_Tom

    I once wrote a long memo about how to install toilet paper. It unrolls over the front like a cleansing waterfall, never under the back because that would cause people to wipe back to front creating a chance of infection, bla, bla, bla. Nearly a full page, on my supervisor's computer. CC'd it to all of his bosses and posted it in our restroom. I would install the TP over the back.

    He would tear it down every day and reverse the TP.

    I would go in and post another and reverse the TP.

    I like a boss that is easy.
     

    JettaKnight

    Make your password as long as you want, but if they know your first pet's name...

    So I was listening to a podcast with an interview of a Marine hacker (yeah, they exist) who was infiltrating ISIS - they hit this road block.
    "What?! How the f*** do I know what Mustafa's pet's name is?!"
    The target analyst leans in and says, "It's fifteen fifteen."
    "No, it's asking for a pet name!"
    "The target always uses 'fifteen fifteen' for the answers to those questions."
    "Ok.... We're in!"

    I guess I should stop using the same (predictable) obscure keywords for those. :n00b:
     

    jamil

    > :facepalm:
    >
    > Often the weakest point in information security lies between the seat and the keyboard.

    Eh...true, but not the problem.

    > Bruce Schneier, who I'm sure your son is familiar with as an info security guru, has long recommended writing down long, complex passwords. You might want to consider a more secure location for the paper like your wallet, though. A newer, highly secure system is password manager software. There are several good ones out there that can help you maintain many complex passwords across multiple accounts and devices.
    >
    > He (and the NIST organization) also advocates against the password rotation system which leads to lower quality passwords so that they can be remembered.

    About fixing users, Bruce Schneier also says this:

    https://ieeexplore.ieee.org/document/7676198
     

    Bill of Rights

    Sorry, but the user was absolutely the problem in the picture. No security practice can stop that kinda stupid (publicly posting your SSN).

    I think if I answered, it would either be with the published SSN of that dude from LifeLock, a few years ago, or I’d say, “How wealthy would I be? Several hundred million and change. (Which the OP will be also, until he gets caught for identity theft from everyone giving him their SSN.....That’s a hint and a half, folks....)”
     

    Phase2

    > Having trouble reconciling:
    >
    > 1) Create passwords you can't remember, and store them all in one electronic cache (because you can't remember them)
    >
    > 2) Anything connected to the internet can be hacked, eventually

    Congrats. You are paying attention and thinking.

    In answer, there is no such thing as 100% security. You can only use "best practices" and set up security in layers. While post-its on your monitor stop hacking over the web, they do nothing to stop your secretary/co-workers/janitors/etc from hacking your account. Moving that same post-it to your wallet adds a second layer of difficulty in getting your info. This same concept applies with physical security: there is no one perfect solution.

    Having 100s of thousands or millions of accounts for any web site means that people can do bulk hacks rather than hacking individuals- much more attractive targets. Any good password manager uses both high-end encryption and takes extreme measures to avoid having your login watched and compromised. I use two-factor authentication with mine which greatly increases hacking difficulty. Even this won't protect my info in 20 years, but I expect to have moved on to some new generation solution by then.
     