hacked - looking for doc/suggestions on hardening/securing systems from the start

Roger arelem at bigpond.com
Fri Dec 20 10:40:25 UTC 2013

On 12/20/2013 09:24 PM, Patrick O'Callaghan wrote:
> On Fri, Dec 20, 2013 at 8:05 AM, Tim <ignored_mailbox at yahoo.com.au 
> <mailto:ignored_mailbox at yahoo.com.au>> wrote:
>     e.g. A fool uses some webservice that asks you to log in with your
>     hotmail username and password, so they do, despite the face that this
>     webservice is not hotmail.
> Not quite what you're saying but tangentially related: many web sites 
> are confusing to the naive user. They ask you to register using your 
> email address and a password, without making it clear that they don't 
> mean the password for the email account. I'm sure more than a few 
> people have been caught by that. It doesn't mean the website is 
> malicious, but now the attack front on the password has been expanded.
> poc
I've noticed that they prefer/require email address as user name to 
reduce the instance of simplistic user names while remaining memorable.
There's nothing to stop one using a fictitious email address as a user 
name provided one remembers it when needed. qwertuyt at qwe.bv once worked 
for me along with similary stupid trials.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20131220/328d2439/attachment.html>

More information about the users mailing list