reddragdiva: (Wikipedia)
divabot ([personal profile] reddragdiva) wrote 2007-05-07 05:06 pm

Tubgirl is Love.

An English Wikipedia admin account just got compromised and abused again, because the admin used "fuckyou" as a password. That's the sixth most common password, I think. The main page was deleted for five minutes and Tubgirl was put in the sitenotice.

Brion and Greg are (right now) running a password cracker over the admin accounts. If you want to keep your admin bit and know, deep in your heart, that your password is a bit rubbish, I strongly suggest changing it or it will be locked. Hint: if it shows up in Google, it's a rubbish password. Or enter it into the search box at the right of my Wikipedia blog with your username — I have a, uh, phishing detector running there. Yes, that's it. A note on the subject has been added to Wikipedia:Administrators.

Now we eagerly await Single Crack 0wnz0ring. Normal people just don't get passwords. I used to do dial-up Internet tech support. "What do you want for a password?" "Oh, [username]." "I'm sorry, you can't have it be the same." "Oh, [username]1." Suggestions? Assume we can't require an RSA keyfob for all editors.
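A check at password-set time for the failure modes described above (a password equal to the username, the username plus "1", or a well-known common password), as an added example that is not part of the original post and is not MediaWiki code. It goes slightly beyond the cases in the text by also catching reversed usernames and simple character substitutions. The function names, the tiny blocklist and the minimum length are assumptions made for illustration.

```python
import re

# Constructed sample blocklist; a real deployment would load a large
# common/breached-password list rather than this handful of entries.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "fuckyou"}

# Undo simple character substitutions before comparing.
LEET = str.maketrans("0134578@$!", "oleastbasi")


def fold(s: str) -> str:
    """Lowercase, undo substitutions, keep only the letters a-z."""
    return re.sub(r"[^a-z]", "", s.lower().translate(LEET))


def check_password(username: str, password: str, min_length: int = 10) -> list:
    """Return the reasons a password is rejected; an empty list means accepted.

    min_length is an assumed policy value, not one taken from the post.
    """
    reasons = []
    if len(password) < min_length:
        reasons.append("too short")

    # "[username]" and "[username]1": the folded username (or its reverse)
    # appearing anywhere in the folded password is enough to reject.
    user = fold(username)
    folded = fold(password)
    if len(user) >= 3 and (user in folded or user[::-1] in folded):
        reasons.append("contains username")

    # Common password with decoration: strip a trailing run of digits and
    # punctuation ("fuckyou2007!") before the blocklist lookup.
    stem = fold(re.sub(r"[\W\d_]+$", "", password.lower()))
    if password.lower() in COMMON_PASSWORDS or stem in COMMON_PASSWORDS:
        reasons.append("common password")
    return reasons


if __name__ == "__main__":
    # Constructed sample accounts and passwords.
    for user, pw in [("jsmith", "jsmith1"), ("ExampleAdmin", "Fuckyou2007!"),
                     ("jsmith", "correct horse battery staple")]:
        print(user, repr(pw), check_password(user, pw) or "accepted")
```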

[identity profile] http://users.livejournal.com/_nicolai_/ 2007-05-07 04:18 pm (UTC)
Oh, tasty.
RSA, and other, crypto tokens suffer from key initialisation problems, but do help somewhat. Until people lose them, etc.

[identity profile] ladykathryn.livejournal.com 2007-05-07 04:43 pm (UTC)
With a private organization and a small group that needs them, the risk of physical token loss can be greatly offset by having a replacement policy that requires the user to pay for the replacement cost. In other words, people are a hell of a lot more careful with their keyfobs when they know it's $250 coming out of their pocket.

(I lost my RSA token once. The embarrassment was... excruciating. More irritatingly though, I also lost my cute little purple MagLite, my beer bottle opener, and my mini Swiss Army knife, none of which I've managed to replace. Ugh. Totally irrelevant tho.)

[identity profile] damned-colonial.livejournal.com 2007-05-07 10:18 pm (UTC)
I got one from my bank. It lasted a week before the LCD screen was crushed to death by my keys. Seriously. I didn't do anything with it other than carry it around in my pocket or bag for a few days, and it self-destructed. Piece of fucking shit.

[personal profile] vatine 2007-05-07 11:59 pm (UTC)
I've always stuck them in an inner pocket with not much else in the same pocket (same way I carried a calculator at a much younger age). The work-access one lived in the laptop case, though.

[personal profile] vatine 2007-05-07 11:58 pm (UTC)
Starting? Starting? I had a keyfob for my S|E|B internet banking in 1998! And another keyfob for remote access to work.