18 Sep
2013
18 Sep
'13
2:42 p.m.
From: Michael Ströder [mailto:michael@stroeder.com]
Paul B. Henson wrote:
our security group is pushing us to enable failed login lockout
..which will stupidly open a DoS attack vector...
Preaching to the choir on that one, my friend. I already promised our ISO that the day we turn it on there are going to start to be random authentication failures on his account originating from untraceable web proxies around the world to the point where he'll never be able to actually login ;). I just work here