assurance - Re: [Assurance] Counting Failed Logins Update
Subject: Assurance
List archive
- From: "Cantor, Scott" <>
- To: "" <>
- Subject: Re: [Assurance] Counting Failed Logins Update
- Date: Tue, 25 Jun 2013 19:34:40 +0000
- Accept-language: en-US
- Authentication-results: sfpop-ironport01.merit.edu; dkim=neutral (message not signed) header.i=none
On 6/25/13 3:10 PM, "Brendan Bellina"
<>
wrote:
>
>I think these DOS points are well-taken and have raised them myself with
>auditors and such who don't seem to take this risk seriously. Since
>University account logins are usually obvious and systems are public we
>are at greater risk than corporations where account logins are not
>obvious and systems are not public.
I recall discussing this on the InCommon TAC with Joe, and I raised the
question as to whether there's concrete evidence this actually happens.
The attitude here was/is "sure, in theory, but nobody's going to do that".
Hard to refute that without any evidence to the contrary.
We do have hard evidence from logs that nobody's brute forcing our
accounts (literally nobody). Phishing is far simpler and more effective.
-- Scott
- [Assurance] Counting Failed Logins Update, Benn Oshrin, 06/21/2013
- <Possible follow-up(s)>
- Re: [Assurance] Counting Failed Logins Update, Joe St Sauver, 06/21/2013
- Re: [Assurance] Counting Failed Logins Update, Brendan Bellina, 06/25/2013
- Re: [Assurance] Counting Failed Logins Update, Cantor, Scott, 06/25/2013
- RE: [Assurance] Counting Failed Logins Update, Capehart,Jeffrey D, 06/25/2013
- Re: [Assurance] Counting Failed Logins Update, David Walker, 06/25/2013
- Re: [Assurance] Counting Failed Logins Update, Benn Oshrin, 06/26/2013
- Re: [Assurance] Counting Failed Logins Update, Brendan Bellina, 06/25/2013
- Re: [Assurance] Counting Failed Logins Update, Joe St Sauver, 06/25/2013
- Re: [Assurance] Counting Failed Logins Update, Joe St Sauver, 06/25/2013
- Re: [Assurance] Counting Failed Logins Update, Cantor, Scott, 06/25/2013
Archive powered by MHonArc 2.6.16.