1. An Ominous Coward
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jan 2002
    Rep Power

    Social Engineering

    I got this response from one of the staff at my college while trying to set an appt to take an online exam at their facility:
    There is a special password for each exam...
    There are three exams, and this statement suggests to me that there are only 3 passwords. Ouch. Worse yet, I know this school's faculty has a rotten tendency to pick common dictionary words (sometimes appended by "random" numbers) as passwords. Can anyone say "brute force" and 100% for ol' Chris? (no, I didn't - I'm taking the test totally legit). Even at that, one person could take the test and disseminate it across the rest of the class.

    Remember folks: the people you work with are probably your biggest security holes, so be sure you cover security issues with them when they're hired and FOLLOW UP on it with little refreshers now and then.
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2003
    Rep Power
    Would making/putting a small keylogging program on one of the box's be alot more effective not to mention less detectable,

    Then, tell an admin that the box, or exam login isnt working properly (elaborate as you see fit) and that you've tried to fix it yourself but it keeps saying you ave insuffiecent privedges to do so

    ...Just a suggestion, its the route i'de take before a brute force method

    All the best,

IMN logo majestic logo threadwatch logo seochat tools logo