(no subject)

posted by [identity profile] rfunk.livejournal.com at 11:54pm on 08/03/2008
Depends on whether the attacker can bypass that restriction. Often attackers can get the (encrypted) password database, and try as often as they want.
[parent entry] [link] [parent] [reply]
 

(no subject)

posted by [identity profile] zenten.livejournal.com at 12:36am on 09/03/2008
Oh. That makes sense then.

How do they typically get it?
[link] [parent] [reply]
 

(no subject)

posted by [identity profile] rfunk.livejournal.com at 12:39am on 09/03/2008
Network-facing services often have holes (bugs) that allow someone to grab arbitrary files from the system. They just have to know how to exploit the problem and grab the file they want.
[link] [parent] [reply]
 

(no subject)

posted by [identity profile] zenten.livejournal.com at 12:42am on 09/03/2008
Ok. I thought for some reason that most systems (at least run by competent sysadmins) didn't have these holes, or at least holes that anyone had found.
[link] [parent] [reply]
 

(no subject)

posted by [identity profile] rfunk.livejournal.com at 12:50am on 09/03/2008
Well first, you have a lot of questionable conditions there, such as "competent sysadmins". :-)
Second, you have to define "anyone". There are certainly holes that are unknown to the good guys, but known to the bad guys.

Also, going back to your earlier question, it's not always possible to limit the number of logins, depending on the protocol being used.
[link] [parent] [reply]

April

SunMonTueWedThuFriSat
        1
 
 2
 
 3
 
4
 
 5
 
 6
 
 7
 
 8
 
 9
 
 10
 
11
 
 12
 
 13
1
 14
 
 15
 
 16
 
 17
 
18
 
 19
 
 20
 
 21
 
 22
 
 23
 
 24
 
25
 
 26
 
 27
 
 28
 
 29
 
 30