I finally had to unsubscribe from bugtraq. There are simply too many cross postings between that list and vulndev. For the past 2 months, it seems that almost every bugtraq posting eventually ends up on vulndev and vice versa. My inbox runneth over ...
Every month, all of the systems programmers get a password list, which contains a listing of root and system-level passwords on our main servers. (Stupid, I know, but don't look at me...) Once we're given the list, we're expected to run our old list through the shredder. Theoretically, it's a solid plan, but in actuality, it's flawed. First, what if I forget to shred my list, and instead throw it away? Second, the shredder doesn't really "shred". It's more of a cut or a slice. It slices a sheet into strips that are about 0.5 inches wide. I figure it'd take someone about 3 minutes - including a bathroom break - to piece a password list back together ...
Of course, I rarely use the hardcopy. I prefer TkPasMan. It keeps all of my passwords encrypted, I can only access the list by giving it a password, and it has some pretty handy cut & paste features.
It's somewhat old news, but Janis Ian is my hero. And I couldn't hum you one of her songs.
