You are what they say you are. pRSET5a::20STa::6xHis aQyd4m, yt-9+weWm Dxk&2+15^N CanYouGuessMe. Identification & Authentication. Vishal Midha Feb 25, 2003. A Poem of Evil Systems Administration
Feb 25, 2003
rr: flicker! flicker! little modem light! madprof: see you shine, so neat, so bright! madprof: i wonder why you flicker so? madprof: is it cos you're 'effing slow? Ford prefect: transmitting packets through the night... rr: slinging porno byte by byte... rr: watch the monitor's pink glow... rr: as the image starts to grow...
madprof: ping it! ping it! watch it die! rr: hear the hard disk crash and fry! madprof:see the user weep and cry, crusader: reboot again and wonder why?
Passive : The passive storage device is usually a magnetic stripe or smart card in which a static codeword is stored
Active : The active device usually contains a processor that computes a one-time password, either by time-synchronization or challenge-response
Downsides to security tokens are:
Physical or Static biometric: A static biometric signal has the property that the pertinent information used to match and differentiate is a biometric template that derives directly from the fixed body characteristics. e.g. fingerprint, iris, retina, face, hand geometry
Behavioral or Alterable biometric: has two components. One is the underlying body characteristic, which should be fairly stable such as to serve as a good measure for authentication. The other is a variable that alters the biometric. e.g. voice, and handwriting
WHORLPatterns for fingerprints based biometrics
An advantage of fingerprint systems is their ease of use. A disadvantage is their variability with dirty, sweaty, or dry skin, sometimes causing false rejections of the legitimate user
An advantage of both of these eye biometrics is their very high accuracy in matching users. A disadvantage has been cost, traditionally much higher than for fingerprints
f0 f1 f2Voice biometric systems
Some of the fears that have been cited include :
1. Information Theft
What Not to Use
For passwords on a UNIX system:
(The six cabinets house 29 boards each holding 64 custom search microchips)
What to Use
Method to Choose Secure and Easy to Remember Passwords
It is not practical to have a different password for every account, nor is it desirable from a security standpoint. The more passwords you have, the more likely it is that you will have to write them down, which is insecure. On the other hand, it is not a good idea to use the same password for all accounts. If you do and your password is cracked on one system, all your accounts are exposed. A chain is only as strong as its weakest link.A good solution is to separate your accounts into two to four groups based on the consequences of someone misusing the account.
The second management issue with multiple accounts is remembering the user-ids (login names) for all your accounts and which password is associated with each account. You may start with a few computer accounts, but if you use web sites the number quickly grows into the dozens. (I have about sixty.) Ideally you would have the same user-id for all accounts, but sometimes you are not allowed to choose your user-id.Suggestion: On your home computer system (not work), create a file in a subdirectory that contains a lot of other files. Give it an innocuous name like "data", "junk" or one of the existing files with _save appended. (Don't use a name of tmp or a suffix of .tmp - the file might be inadvertently deleted by disk cleanup utilities.) Disable the file's read and write permissions for other users. Edit the file and, for all accounts (except perhaps level one accounts), record (1) the system or web site associated with it, (2) the user-id (login name) associated with it and (3) the keyword (not password) for the account that you chose.The number of level one accounts is probably small, so it is best to not put them in this file. Do not put words like "account", "login", "user-id" or "password" anywhere in the file - crackers scan for files with words like these. If you back up the file to a floppy, give the floppy an innocuous label like "Misc files", not "Account info". Again, do not put passwords in this file, any other unencrypted file or on paper.
The fastest ZIP cracker in the world! (according to independent reviewers and experts).
Convenient user interface
Under DEBUG you enter the commands:
o70 25 ; #25 - register address
o71 55 ; #55 - in fact - any value ...
o70 26 ; #26 - another register ...
o71 55 ; new value for reg. #26 ...
q ; Quit
and then RESET the computer. CMOS checksum does not fit, so the BIOS suggests to load default values - the passwords as well.
(Instead of Q in the end you can execute RESET with command g=ffff:0 …)
Usually you can log in with a guest or regular user account. Do that and go to the directory \Windows\System32 and replace the login screensaver with the command line prompt.cd \Windows\System32ren logon.scr login.bakcopy cmd.exe logon.scr
Then reboot, and just wait for the screensaver to come up. It will be the command line prompt and you'll have access to the computer. Full access!. You can run the user manager, create a new account and give it admin privileges or just change the admin password...
Also don't forget to restore the original screen saver .
Very useful tool
Ingredients:1. Your notebook.2. An empty formatted diskette (720 kb or 1,44 mb).3. A second computer (e.g. a DOS desktop PC).4. A hex-editor (e.g. Norton DiskEdit or HexWorks).
Procedure:1. Start the desktop PC and start the hex-editor.2. Put the disk in drive A:3. Change the first five bytes of sector 1 (boot sector is sector 0) to: 4B 45 59 00 00.4. Save it! Now you have a KEYDISK.5. Remove the disk from drive A:6. Put the disk in the notebook drive.7. Start the notebook in Boot Mode (push the reset button).8. Press Enter when asked for Password:9. You will be asked to Set Password again. Press Y and Enter.10. You now see the BIOS configuration where you can set a new password.
Advice for administrators who want to protect their computers: