Remembering history passwords may be bad, but they are getting worse

Peter Galbavy peter.galbavy at knowtion.net
Mon Jul 28 06:34:11 UTC 2003


Kevin Day wrote:
> The attacks we see now are... well orchestrated. 10-50,000 proxy
> servers all making login attempts at once, rather slowly. 10-50 login
> attempts per second, each from a different proxy. Still slow enough
> per IP that it doesn't hit our threshold for how many bad logins per
> IP per hour we allow, but enough attempts that just by trying
> seemingly random username/password combinations they get a couple of
> successes a day. We've also seen people trying what appear to be
> known good username/password combos that were presumably acquired
> from other sites that were compromised in some way.

But, in turn, there are at least two distinct aims here;

1. Authorised access; people want free porn.

2. DoS; people object (either "on principle" or by competitors) to the
service you provide, so they want to deny access to others or make it too
expensive to run.

Defending against one usually makes the other easier :(

Peter
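
The gap described in the quoted text (each proxy stays under the per-IP hourly limit while the site as a whole takes 10-50 bad logins per second) can be seen by counting failures per time bucket instead of per source. This is an added example, not code from the thread; the log data is constructed and every threshold is an assumed value.

```python
from collections import Counter, defaultdict

PER_IP_LIMIT = 20       # assumed: bad logins allowed per IP per hour
WINDOW = 60             # seconds per aggregation bucket
MIN_FAILS = 300         # assumed: site-wide failures per bucket considered abnormal
MIN_DISTINCT_IPS = 200  # assumed: distinct failing sources per bucket

def build_events():
    """Constructed one-hour log of failed logins as (second, source_ip)."""
    events = []
    # Background: 20 ordinary clients mistyping a password 3 times each.
    for c in range(20):
        for k in range(3):
            events.append((c * 170 + k * 5, f"192.0.2.{c + 1}"))
    # One single-source brute forcer: 50 failures spread over the hour.
    events += [(s, "198.51.100.7") for s in range(0, 3600, 72)]
    # Distributed run: 10 attempts/second for 5 minutes, one attempt per proxy.
    for i in range(3000):
        events.append((600 + i // 10, f"10.0.{i // 256}.{i % 256}"))
    return events

def per_ip_offenders(events, limit=PER_IP_LIMIT):
    """The per-IP hourly threshold: sources with more failures than the limit."""
    counts = Counter(ip for _, ip in events)
    return {ip for ip, n in counts.items() if n > limit}

def distributed_buckets(events):
    """Buckets with many failures coming from many distinct sources."""
    fails = Counter()
    sources = defaultdict(set)
    for sec, ip in events:
        b = sec - sec % WINDOW
        fails[b] += 1
        sources[b].add(ip)
    return sorted(b for b in fails
                  if fails[b] >= MIN_FAILS and len(sources[b]) >= MIN_DISTINCT_IPS)

if __name__ == "__main__":
    ev = build_events()
    print("flagged by per-IP limit:", per_ip_offenders(ev))
    print("buckets flagged site-wide:", distributed_buckets(ev))
```

The site-wide check only reports buckets; it does not lock accounts or block sources.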



