Comments on: Nice little ‘too many login attempts’ move by Facebook http://www.techsoapbox.com/nice-little-too-many-login-attempts-move-by-facebook/ Soapboxing every damn day Thu, 21 Aug 2008 20:13:27 +0000 http://wordpress.org/?v=2.3.3 By: James Simmons http://www.techsoapbox.com/nice-little-too-many-login-attempts-move-by-facebook/#comment-36555 James Simmons Mon, 03 Mar 2008 14:22:39 +0000 http://www.techsoapbox.com/nice-little-too-many-login-attempts-move-by-facebook/#comment-36555 Good point Dave. Of course, attempting to brute force the password would also possibly result in a DoS event (although of another nature). Good point Dave.

Of course, attempting to brute force the password would also possibly result in a DoS event (although of another nature).

]]> By: Dave http://www.techsoapbox.com/nice-little-too-many-login-attempts-move-by-facebook/#comment-32415 Dave Fri, 01 Feb 2008 18:44:54 +0000 http://www.techsoapbox.com/nice-little-too-many-login-attempts-move-by-facebook/#comment-32415 Although I always liked the security aspects of a lockout feature, it can also be used as a denial of service weapon. Imagine a bot repeatedly going through a list of users, trying passwords until locked out, then moving to the next user. Pretty soon, everyone is locked out, including the admin! Although I always liked the security aspects of a lockout feature, it can also be used as a denial of service weapon. Imagine a bot repeatedly going through a list of users, trying passwords until locked out, then moving to the next user. Pretty soon, everyone is locked out, including the admin!

]]>