Summer in the City
This month, we're going to have a lightning talk session - so we're looking for your contribution! - 5 minute presentation - German or English - topic of your choice: ruby, rails, software development, hardware projects, your next conference trip or your latest fun project; show pictures, videos, or code, do a live demo, or simply talk about your favorite subject (no need for powerpoint)
If you would like to claim a 5 minute slot, get in touch: https://github.com/rughh/planning/issues/37
Spontaneous contributions are welcome as well (provided we have enough time)
Beefing up your password security - why cracking the passwords of your colleagues is a good thing to do.
Security folks urge us to use strong passwords all the time. The common approach to ensure this in a corporate environment is to implement password policies. You know, these annoying rules that do not let you choose your favorite password anymore. Plus, the stuff that forces you to change your now not so favorite password every 90 days.
In the past years, there has been some controversy within the security community whether our beloved password policies actually make sense. That is, do they lead to better passwords, or do they just frustrate the users and maybe even lead to weaker passwords. Well, guess what: As it turns out, not all is good about password policies.
In this talk, I will share some experience from running a password cracking service in a corporate environment. The service was implemented in addition to a common password policy. The goal was to raise awareness and to strengthen the passwords of my colleagues. Results show that passwords which are compliant with complex policies nevertheless can be cracked within minutes. We will see how dramatic the effect of poor password hashing is to this type of attacks, and how you can run such a service without being hated by all of your colleagues :)
- @KlausTrainer - End-to-End Arguments in System Design
- @catrinmsj - Entwickler und die anderen - guckt doch mal ins Nachbarbüro
- @LAndreas - System call interception
- @toadle - The end of developer-days. - Ab wann braucht der Markt eigentlich keine Entwickler mehr?
- @halfbyte - How do you keep your dependencies up to date?
Teilnehmerinnen und Teilnehmer (19)