April 15th, 2003, 11:15 PM
I got this response from one of the staff at my college while trying to set an appt to take an online exam at their facility:
There are three exams, and this statement suggests to me that there are only 3 passwords. Ouch. Worse yet, I know this school's faculty has a rotten tendency to pick common dictionary words (sometimes appended by "random" numbers) as passwords. Can anyone say "brute force" and 100% for ol' Chris? (no, I didn't - I'm taking the test totally legit). Even at that, one person could take the test and disseminate it across the rest of the class.
Remember folks: the people you work with are probably your biggest security holes, so be sure you cover security issues with them when they're hired and FOLLOW UP on it with little refreshers now and then.
April 19th, 2003, 03:54 AM
Would making/putting a small keylogging program on one of the box's be alot more effective not to mention less detectable,
Then, tell an admin that the box, or exam login isnt working properly (elaborate as you see fit) and that you've tried to fix it yourself but it keeps saying you ave insuffiecent privedges to do so
...Just a suggestion, its the route i'de take before a brute force method
All the best,