Hi
I am obviously too old and naive as I was shocked to discover the Australian
Tax Office advising people where to find Password Crackers. I can see that
there is a problem with disgruntled employees locking up stuff then shooting
through but given all the codswallop that we have gone through with the
infamous duo of Sarbanes and Oxley this seems to be a pretty major hole.
John the Ripper does unix variants such as linux and windows
www.openwall.com
www.lostpassword.com does just about any commercial software from MYOB
through zip and Windows server.
My question to the group is does anyone have any idea how safe the
encryption is on our multi value systems? I am thinking of QM for example
and I am also looking at D3 since I have been trying for years to convince
clients of the importance of guarding Master/Visa card information. Of
course as long as people insist on printing the items out - I carefully did
not provide such a facility, so I discovered a client bringing it up,
hitting PrintScreen and leaving the output lying around the office. Since
they can do this with the Bank's own interface software my puny efforts seem
pointless.
Then of course we have the sheer genius of users with departments like the
British Civil service sending the database of the entire social service
clients on a cd by way of a bloke on a bike. The Australian Army officer
who left the CD in the departure lounge PC drive to be found by a reporter
no less. I am quite sure that the Yanks can provide us with even better
examples.
Peter McMurray