» 21 May 2009
Password Reminders Are Also Exploitable Security Holes
Forgetting the password you used for a long-abandoned shopping site account can be frustrating, and most sites' fallback authentication method only adds to the annoyance. After all, can you really recall which of your past pets was your favorite five years ago, or whether you still have your discarded home number listed in your cellphone for easy reference?

These difficulties should be worth the effort, because the questions are designed to make the password recovery process more secure. Unfortunately, more often than not, they don't. At least that is what a report to be presented this week at the IEEE Symposium on Security and Privacy found after examining the backup security questions used by a multitude of e-mail services.

Microsoft Research worked with researchers at Carnegie Mellon University on this joint study of alternate password authentication, and is hosting a copy of the study for easy perusal. The researchers concentrated mostly on e-mail services for many reasons, among them the fact that protecting mail accounts against abuse by spammers is a continuous struggle for service providers.

The authors of the study recruited volunteers from a pool of subjects organized by Microsoft Research and had each of them bring a friend, family member, or coworker to two test meetings. There were about 130 participants in all. To encourage volunteers to take the study seriously, an assortment of gift certificates and raffle tickets was given away.

The test subjects were asked to answer a string of questions taken from e-mail services, and they were given the chance to guess how their companions had answered the same questions, both with and without the opportunity to research them on the Internet. In the follow-up sessions held three to six months later, the failure rate was what everyone expected: in the region of 20% to 25%, depending on how strict the validation was.

Unsurprisingly, information found on social networking sites like Flickr and Facebook helped volunteers arrive at the right answers to their companions' questions, while trust also played a part in helping a pair of colleagues correctly deduce what they had answered on each other's questions.

The bottom line is that the study has proven that password reminders can serve as vulnerabilities, much like the bugs and exploits hackers usually use to infiltrate accounts. E-mail and webmail providers should therefore find a better backup authentication process in the future or risk getting hacked by spammers on a daily basis.

© Copyright 1999-2012: SecPoint®