Why are we still not funding this!?! (18 Photos)

Like this post? Share it with your friends or scroll down to comment!!

More From badSENTINEL

One Comment

  1. There's a good reason why computers don't tell you whether it was your password or your user name that was invalid: because that information could be used by a hacker to help break into the system. Suppose it said, "that's a valid user id but not the right password". Now the hacker knows he has a valid user ID, and won't waste time trying different ones. That's why no system says, "You have the first six letters of the password right but the seventh letter is wrong." Sure, that would help users who made a typo, but it would also help hackers. When they were developing Unix security, someone noticed that if you gave an invalid user ID, the system came back with an error message faster than if you had a valid user ID but an invalid password, because the computer didn't take the time to look up the password for a non-existent user. They fixed that by building in a deliberate time delay.

Leave a Reply

Your email address will not be published.

From Our Sponsors