Network Security SecProg

RE: Account Lockouts

Subject: RE: Account Lockouts
Date: Thu, 2 Dec 2004 15:06:23 +1100


> What are successful techniques that could be used on the web
> interface to avoid having a script run against it that would
> potentially lock out 15000 user accounts, and create a
> headache for the system administrators who have to manually
> unlock each account?


A common variation is to brute force accounts rather than passwords.
i.e. pick a common weak password like "password" or "sex" or whatever,
then try that against every account just once (since you already know
the account names).  Because each account is only being tried once, no
lockouts.

S.   :)
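
Detection logic for the pattern described in the reply above (one guess per account across many accounts, so no per-account lockout fires), as an added example that is not part of the original message. The log format, the thresholds and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window per source
MIN_ACCOUNTS = 5                # assumed: distinct accounts failed from one source
LOCKOUT_THRESHOLD = 3           # assumed per-account lockout policy

# Constructed sample, time-ordered: "ISO-time source-ip username result"
SAMPLE_LOG = """\
2004-12-02T10:00:01 203.0.113.7 alice FAIL
2004-12-02T10:01:01 203.0.113.7 bob FAIL
2004-12-02T10:01:30 198.51.100.20 gina FAIL
2004-12-02T10:01:40 198.51.100.20 gina FAIL
2004-12-02T10:01:50 198.51.100.20 gina FAIL
2004-12-02T10:02:01 203.0.113.7 carol FAIL
2004-12-02T10:03:01 203.0.113.7 dave FAIL
2004-12-02T10:03:20 192.0.2.44 alice OK
2004-12-02T10:04:01 203.0.113.7 erin FAIL
2004-12-02T10:05:01 203.0.113.7 frank FAIL
"""

def detect_spray(lines, window=WINDOW, min_accounts=MIN_ACCOUNTS,
                 lockout=LOCKOUT_THRESHOLD):
    """Return {source: accounts} for sources whose failed logins fan out
    across many accounts while each account stays below the lockout count."""
    recent = defaultdict(deque)  # source -> (time, user) failures inside window
    flagged = {}
    for line in lines:
        if not line.strip():
            continue
        ts, src, user, result = line.split()
        if result != "FAIL":
            continue
        when = datetime.fromisoformat(ts)
        q = recent[src]
        q.append((when, user))
        while q and when - q[0][0] > window:  # expire old failures
            q.popleft()
        per_user = defaultdict(int)
        for _, u in q:
            per_user[u] += 1
        # Accounts that would never trip a per-account lockout counter.
        wide = [u for u, n in per_user.items() if n < lockout]
        if len(wide) >= min_accounts:
            flagged[src] = sorted(wide)
    return flagged

if __name__ == "__main__":
    print(detect_spray(SAMPLE_LOG.splitlines()))
```

The counter is keyed on the source rather than the account, which is the dimension a per-account lockout policy never looks at; the three failures against `gina` are ordinary lockout territory and are not flagged here.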


