Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Good crypto / Bad crypto

  • 24-04-2014 3:00pm
    #1
    Sebzy
    Registered Users, Registered Users 2 Posts: 1,775 ✭✭✭


    Been asked by a colleague to review this service as a potential tool for our users to create new passwords.

    http://www.askthedirectory.com/

    See not too sure how to tell them how bad of an idea this is.
    Tagged:


Comments

  • #2
    Cuddlesworth
    Registered Users, Registered Users 2 Posts: 14,012 ✭✭✭✭Cuddlesworth


    Lets look over the details.

    Non-existent site - Check
    Registered to American Hosting service and .com domain - Check
    Email address is to a yahoo account - check

    Now lets face facts. There is no chance in hell that this company was stumbled upon, they have zero presence on the web or advertising. So it either came from a spam email, which should be easy enough to trace. Or the owner is the brother/friend of somebody in your company and its his new genious idea which will make him and them rich. Which means its going ahead no matter how stupid it is. Which it is stupid, there are numerous tools out there for password resets without human interaction.

    Good luck with that.


  • #3
    Sebzy
    Registered Users, Registered Users 2 Posts: 1,775 ✭✭✭Sebzy


    The whois registration for askthedirectory.com is a chap from Dublin (go figure)

    Who would actually use this?


  • #4
    Steviemoyne
    Registered Users, Registered Users 2 Posts: 649 ✭✭✭Steviemoyne


    They show up on Solocheck.ie anyway so from first glance everything seems above board. As for who would use it, I have no clue.

    According to solocheck they're in business 4 years.


  • #5
    CreepingDeath
    Closed Accounts Posts: 8,015 ✭✭✭CreepingDeath


    Cuddlesworth wrote: »
    Lets look over the details.

    Non-existent site - Check
    Registered to American Hosting service and .com domain - Check
    Email address is to a yahoo account - check

    Site uses a self signed https cert - Check
    Site doesn't default/redirect users to https - Check

    No, this is a complete amateur with no idea about real computer security.

    LastPass is a free browser add-on that lets you generate very strong passwords.

    I 100% rely on that for ALL passwords I have.


Advertisement