{"id":996,"date":"2015-03-28T20:56:53","date_gmt":"2015-03-28T20:56:53","guid":{"rendered":"http:\/\/lifestream.hausderluege.org\/?p=996"},"modified":"2015-03-28T20:56:53","modified_gmt":"2015-03-28T20:56:53","slug":"i-deal-with-system-security-regularly-both-at-the-day-job-and-by-moonlight-the-single-largest-target-for-attack-is-still-users-with-crappy-passwords-the-more-users-you-have-on-a-system-the-more-u","status":"publish","type":"post","link":"https:\/\/lifestream.hausderluege.org\/?p=996","title":{"rendered":"I deal with system security regularly both at the day job and by moonlight. The single largest target for attack is *still* users with crappy passwords. The more users you have on a system, the more users will have the crappiest passwords that the system will allow. Ageist though it may be, older people tend to suck at technology generally, and also to whine the loudest about requirements for complex passwords. If I had to pick a group as second place, I&#8217;d go with middle and upper executives without hard IT backgrounds. Combine this with the fact that we&#8217;re talking about power brokers and egomaniacs, and what do you think the chances are that the Congressional mail servers have strong password policies and related protections against password-level attacks? How many members of Congress respond to spearphishing messages? Or share their passwords and access with their staff? Or change their passwords regularly? This stuff happens all the time in corporate environments, and I doubt that Congress is any different. 
So, in my experience, a private mail server with very few accounts and a competent administrator that can meet the needs of those few users with the least amount of exposure will run a less vulnerable system from the outset \u2014 it&#8217;s a small, uninteresting target for most black hats, who are seeking high volume targets with bigger payday potential."},"content":{"rendered":"<p>from Facebook<br \/>\nvia <a href=\"http:\/\/ift.tt\/1c4nCfM\">IFTTT<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>from Facebook via IFTTT<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-996","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/lifestream.hausderluege.org\/index.php?rest_route=\/wp\/v2\/posts\/996","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifestream.hausderluege.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifestream.hausderluege.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifestream.hausderluege.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lifestream.hausderluege.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=996"}],"version-history":[{"count":1,"href":"https:\/\/lifestream.hausderluege.org\/index.php?rest_route=\/wp\/v2\/posts\/996\/revisions"}],"predecessor-version":[{"id":997,"href":"https:\/\/lifestream.hausderluege.org\/index.php?rest_route=\/wp\/v2\/posts\/996\/revisions\/997"}],"wp:attachment":[{"href":"https:\/\/lifestream.hausderluege.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=996"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifestream.hausderluege.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=996"}
,{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifestream.hausderluege.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=996"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}