[Enjay] Personal insecurity

Enjay (Enjay)
New member
Username: Enjay

Post Number: 2551
Registered: 4-2007
Posted on Friday, March 22, 2013 - 11:15 am:

A large company introduced a measure designed to increase their computer security. However, the measure did not work as planned, and almost certainly decreased their security. What was the measure, and how did it backfire?
Galfisk (Galfisk)
New member
Username: Galfisk

Post Number: 5626
Registered: 9-2009
Posted on Friday, March 22, 2013 - 11:40 am:

Passwords relevant? Writing stuff down? Did they introduce a password policy so complex that people wrote down their passwords on paper? Did they forbid a certain device? Such as cellphones in the workplace? Shredding relevant? Access restrictions? Access cards? Internet access? Blocking of certain webpages?
For the longest time, update pages for java/flash/adobe reader and similar were blocked at my work, so we couldn't benefit from the bugfixes when vulnerabilities were found and patched in these. Is something like this relevant?
Enjay (Enjay)
New member
Username: Enjay

Post Number: 2553
Registered: 4-2007
Posted on Friday, March 22, 2013 - 1:09 pm:

Passwords relevant? Yes Writing stuff down? No Did they introduce a password policy so complex that people wrote down their passwords on paper? No Did they forbid a certain device? No Such as cellphones in the workplace? Shredding relevant? No Access restrictions? Yes Access cards? No Internet access? No Blocking of certain webpages? No
For the longest time, update pages for java/flash/adobe reader and similar were blocked at my work, so we couldn't benefit from the bugfixes when vulnerabilities were found and patched in these. Is something like this relevant? No
Redwine (Redwine)
New member
Username: Redwine

Post Number: 2219
Registered: 1-2011
Posted on Friday, March 22, 2013 - 1:17 pm:

Did the company order the employees to change their passwords frequently?
I use the system that requires passwords to be changed every 30 days. After that time the old passwords are no longer valid. The effect is that no one uses the system but once a year when we are obliged to do this. And when we have to use it, we go to the system administrator and ask him to generate new passwords for us.
Is something like this relevant?
Enjay (Enjay)
New member
Username: Enjay

Post Number: 2554
Registered: 4-2007
Posted on Friday, March 22, 2013 - 1:53 pm:

Did the company order the employees to change their passwords frequently? Yes...I thought this would be quick!
I use the system that requires passwords to be changed every 30 days. After that time the old passwords are no longer valid. The effect is that no one uses the system but once a year when we are obliged to do this. And when we have to use it, we go to the system administrator and ask him to generate new passwords for us.
Is something like this relevant? But this is not the way in which it decreases security
Galfisk (Galfisk)
New member
Username: Galfisk

Post Number: 5630
Registered: 9-2009
Posted on Friday, March 22, 2013 - 3:53 pm:

Using simple passwords relevant? Using a password system? Only changing the bare minimum of the password each time? (password1, password2, password3 etc each month)
Forgetting the password and needing it reset relevant? Are the routines for resetting passwords relevantly insecure?
Enjay (Enjay)
New member
Username: Enjay

Post Number: 2555
Registered: 4-2007
Posted on Friday, March 22, 2013 - 4:27 pm:

Using simple passwords relevant? Using a password system? Only changing the bare minimum of the password each time? (password1, password2, password3 etc each month) Yep, this is it
Forgetting the password and needing it reset relevant? Are the routines for resetting passwords relevantly insecure?

*****SPOILER*****
My dad used to have a company laptop which every month demanded he change the password before being able to use it. To save on remembering a new password every month, his passwords were always something like "number 12" with the number going up each month. It would probably have been a lot more secure if he had had one strong password that he was allowed to keep!
Deholmes (Deholmes)
New member
Username: Deholmes

Post Number: 570
Registered: 11-2012
Posted on Saturday, March 23, 2013 - 8:17 am:

I resemble that remark.
Beachbum (Beachbum)
New member
Username: Beachbum

Post Number: 571
Registered: 2-2012
Posted on Wednesday, March 27, 2013 - 4:04 am:

And this was just the laptop password (which you can reset easily if you have access to the hardware)?

That absolutely doesn't make sense. Was he actually keeping company info on his local drive? Was he somehow using his laptop user password as the same password to get on his company's SMB shares, or VPN?

Doesn't make sense to me.
Enjay (Enjay)
New member
Username: Enjay

Post Number: 2572
Registered: 4-2007
Posted on Wednesday, March 27, 2013 - 10:07 am:

I'm not totally sure of the details, but yes it was the laptop password, I think because he did company work on there and so would have important documents etc.
