Social Engineering Still Best Way to Crack Security 522
binaryDigit writes "The Register has an amusing article about a study done in the UK where office workers were asked tricky questions like 'What is your password', and 75% of the respondents answered... They were also asked ethical questions, 'If you found a file with your coworkers salaries, would you look', 75% would, and 38% would pass the information around! Read on to be both amused (esp. the CEO) and scared."
Salaries? (Score:2, Troll)
Re:Salaries? (Score:2, Funny)
Re:Salaries? (Score:2)
Re:Salaries? (Score:5, Insightful)
Re:Salaries? (Score:3, Insightful)
A company accomplishes a lot more than being able to pay people less, by encourage non-disclosure of salaries. They also keep any feelings of resentment and bad attitudes to a minimum which ca
Re:Salaries? (Score:4, Insightful)
[blockquote]
I've seen what happens when people do, and it usually just makes for a bad environment.
[/blockquote]
You make my point. The reason the environment is bad is because some people are getting paid more for the same, or even less, work. As long as they can keep everyone in the dark then people are happy.
Open Salaray Policies at some companies. (Score:4, Interesting)
hmmm (Score:4, Interesting)
Let's Test the Theory (Score:2, Funny)
Re:Let's Test the Theory (Score:5, Funny)
It's ********
Pen, please?
Re:Let's Test the Theory (Score:5, Funny)
It's Frodo.
Don't worry about sending the pen, I called up your ISP and said I was Bob the field service tech and you were having trouble logging in, would they mind verifying that your password was 'patthebunny', they indicated it must have been changed, I indicated you had tried to change it to 'patthebunny', which hadn't apparently gone through, "maybe the password change object garbled it, what does it show?" With that tidbit I looked into your account and found a cookie with your Visa card number and some email with your home address. I called up Visa and changed the billing address (tip o' the hat to your mom wishing you a happy birthday) A carton should be arriving at the neighbor's (who happens to be away on business, but I have a fake DL with his name on it, thanks to the DMV who never check anything.)
Whoops! Look at the time. Better get my duds on and stroll into the governors mansion like I belong there. (I need to complete 6 place settings and only have 4 so far.)
Ta!
My password is (Score:5, Funny)
Re:My password is (Score:4, Funny)
Re:My password is (Score:3, Interesting)
Re:Let's Test the Theory (Score:4, Funny)
(I should get two pens for that one. hehe)
Re:Let's Test the Theory (Score:5, Funny)
One thing though... when I'm logged him as him, I can't see any of the articles. Any suggestions?
Re:Let's Test the Theory (Score:3, Funny)
You also lost the ability to write. If you start double-posting, we'll officially know the account is haunted.
Re:Let's Test the Theory (Score:3, Insightful)
I'll give you a fake password.
Is there any reason to believe that people didn't just give a fake password to get a free pen? Were the passwords actually verified?
"Yeah, my password is 'password', now give me that pen."
Social Engineering is all but unstoppable (Score:5, Insightful)
not 75%. 95% of the men and 85% of the women did.
It's sad because no matter how much I know this, people are
still able to shock me. 90% of them gave their passwords away!
I would've thought maybe 10% or 20%, but 90%?!?
As a corollary to this article, Kevin Mitnick's book "The Art of
Deception" is fantastic. I tend to think of myself as fairly
security conscious, but this book opened my eyes.
Social Engineering is a very real threat, something IMO will
take decades to be addressed. At a certain level I think Social
Engineering can never be totally defeated or even necessarily
defeated to any large degree. The problem lies with
efficiency. Any large organization that works with a large
number of external organizations is *extremely* vulnerable to
this type of attack, even with incredibly strong security
measures in place.
The company that I work for has very, very stringent control
policies for security. They are by far the most security
conscious company that I have ever worked for, yet I am
supremely confident that even a poorly executed Social
Engineering attack would be highly successful. There is no
doubt about it, when it comes to security humans are definately
the weakest link.
I wonder if the reason the numbers were a little low last year
was due to the september 11th attacks. After the attacks people
were highly conscious of security, but as time passes people
relax more and begin to trust other people more. They just
don't realize how small pieces of information can incur such a
large cost.
Re:Social Engineering is all but unstoppable (Score:5, Interesting)
No, I said that 75% of them answered the direct question ("What is your password"). The article says that eventually 90% gave up their passwords, but it took a couple more questions to get to that percentage. That's what was so amazing, that 75% didn't even have to be "tricked", they just gave it up when asked.
Re:Social Engineering is all but unstoppable (Score:5, Insightful)
Doing this once or twice a year would be dirt cheap, amusing, and very useful.
Re:Social Engineering is all but unstoppable (Score:5, Insightful)
One of the first things I would ever do on the occasion someone gave me a password was tell them to change it immediately after i was done doing whatever I was doing, most of them gave me strange looks.
IT should never need your password for anything, if they need to login as you for whatever odd reason they should get your permission, wipe out your old password, put in a new temp one, use that, then give you the temp one and tell you to change it.
They shouldn't even know your password scheme as long as a trip through satan or something similiar doesn't turn anything up, or you force some standards on them like not using your logon as your password and other simple security provisions.
Cute reasoning, but counterproductive. (Score:5, Insightful)
Re:Social Engineering is all but unstoppable (Score:5, Insightful)
I replied, "Real systems administators will never need to ask for a user's password. If someone asks you for your password, they must be trying to infilitrate the system."
This caused his boss, who was standing next to him, to burst out laughing.
I don't know what he needed to do, but I didn't give him my password.
The Air Force did this. Once. (Score:5, Interesting)
Some time back, everyone connected to the US Air Force (military, civil service, contractors, you name it) had to go through basic "here's how to not fuck up your password security" training. Everyone from generals to secretaries.
Few weeks later, an AF-wide email was sent out from the internal security people. It was very short (I forget the exact text), and it pointed people at a .mil website.
The website had a simple "type in your username and password" form.
Ungodly numbers of people blindly typed it in. Everyone from generals to secretaries. Clicking on the "submit" button logged your username in a database of Incredibly Stupid Gullible People who immediately had their accounts locked. :-)
(Some of the smart people in my branch just killed the web browser without entering anything. I think my coworker and I entered name/pass pairs like "verycutetrick/nicetry".)
A few days later, another AF-wide email from the security people, scolding everyone. Those who had fucked up were required to write a half-page essay justifying why they should have their account re-enabled even though they just handed access to an unknown group of people. I was pleased.
A few days after that, the essay requirement was revoked. Seems some N-star general with more stars than functioning neurons felt he shouldn't have to justify himself to anyone. I was disappointed.
Now we have card readers in addition to passwords. Pull out the card, the terminal locks. And the "if you mess up, your account is revoked" rule is (finally!) enforced by official AF directive.
Re:Social Engineering is all but unstoppable (Score:5, Informative)
Re:Social Engineering is all but unstoppable (Score:3, Insightful)
They probably figure that they're supposed to. I mean, really, does the average office worker want to tell the boss that their $150/hour consultant had to stay extra time while you figured out whether or not you were allowed to give them the information they requested? Sure, they're still making a mistake, but at least there's a reason for it.
I wonder if something similar happen
Re:Social Engineering is all but unstoppable (Score:5, Interesting)
Is it right? Of course not, but it's a sign that further development is needed to make security more user-friendly going forward.
Re:Social Engineering is all but unstoppable (Score:5, Interesting)
Re:Social Engineering is all but unstoppable (Score:5, Insightful)
The thing about something like a smartcard is that it adds a physical security layer. Even if you give someone your PIN, they still need your card. While someone could steal your card, you would be more likely to recognize "Hey, someone took my card" so that security could be locked down. Plus it because it a physical layer of security it's less likely that Joe h4xx0r will even be able to steal your card in the first place (ie. you can't physically give your card out over the phone).
And biometrics let the computer recognize who you are instead of you telling the computer who you are.
Re:Biometrics don't work (Score:3, Interesting)
Just breathing on some scanners is enough to "reactivate" the previous user's print (from the oil they left behind). Or, when the scanner also checks for temperature, press a baggy filled with warm water against the sensor.
Iris scanners were defeated by pasting a picture of the user's iris on your glasses, or in some cases just holding a picture of the person up to
Re:Social Engineering is all but unstoppable (Score:5, Interesting)
This wasn't even very good social engineering. The best tactics (psychologically) are methods that don't even let the person being "engineered" know that they have given data away
Try this one (it's my favorite and my most productive tests at the companies that I help with security). Find out the name of an IT employee. Call up the intended victim and say "I'm John Doe from the IT department. We had a problem with our server which caused your password to be corrupted. We've set your password back to Guacamole and we're wondering if you've experienced any problems"
Invariably, the victim will say "My password isn't Guacamole, it Pastrami!" to which you reply "Oh, I'm terribly sorry, we'll get that fixed before you know it".
This results in a good password and the victim not even realizing that they've breached the company's security.
If anyone else has "high yield" social engineering scripts, please e-mail them to me ... I'd love to do a study to see which are most effective and why
Re:Social Engineering is all but unstoppable (Score:5, Funny)
Lol, nice try ;)
Re:Social Engineering is all but unstoppable (Score:3, Funny)
The technology is almost (if not actually) at full ability, it's time to go with Bio-Metric security.
I'm running a laptop that has one of those fingerprint scanners attached. My "password" is my right mid-digit.
"Excuse me, but for a free pen, w
Re:Social Engineering is all but unstoppable (Score:5, Funny)
That's why at my workplace every conversation is preceded by an multi-step exchange of public encryption keys and all the conversations that you hear in the hall sound like gibberish.
I couldn't be duped by this... (Score:5, Funny)
Re:I couldn't be duped by this... (Score:5, Funny)
Jeez don't you know anything about security? You put the sticky note on the bottom of your keyboard, that way the hackers can't find it.
Re:I couldn't be duped by this... (Score:5, Funny)
Just for laughs, I have a sticky note on the bottom of my keyboard with a couple random names and some digits on it. It has nothing to do with my password, but I am amused by the idea of somebody coming along and trying zillions of useless combinations based on my red herring.
After all, who would put a sticky on the bottom of their keyboard unless it was for recording a secret password?
Social Engineering ... (Score:3, Insightful)
People.
Are.
Stupid.
Re:Social Engineering ... (Score:2, Insightful)
Naughty (Score:2, Funny)
I love the way the register slipped that in on it's own between paragraphs.
How could they tell if someone was lying? (Score:5, Funny)
Guy: "What's your password."
Me: "My favorite tool. Dickfore."
Guy: "What's a dick-"
Me: "Nahahaha!" *scamper off*
Amusing examples (Score:5, Funny)
Security just isn't the focus of a lot of people (Score:5, Funny)
I turned on strong password authentication when I was promoted.
Now they just leave the passwords on a post-it-note on their monitor and still share it with everyone else. Lately during the monthly meetings I've been stressing the importance of security.
Re:Security just isn't the focus of a lot of peopl (Score:5, Funny)
Sounds like they need to have a "Hey, Asshole!" note e-mailed to the boss from their account. Then let them try to figure out which of their trusted co-workers sent it.
A little paranoia would work wonders here.
Re:Security just isn't the focus of a lot of peopl (Score:3, Funny)
------------------
> telnet smtp.yourcorp.com 25
helo yourcorp.com
mail from: victim@yourcorp.com
rcpt to: ceo@yourcorp.com
data
Cc: supervisor@yourcorp.com
Bcc: victim@yourcorp.com
Subject: Asshole!
Hey asshole,
I'd just like to remind you that you really suck donkey dong! I'd tell you to go screw yourself, but it seems the VP is already in "the position"
Re:Security just isn't the focus of a lot of peopl (Score:2, Insightful)
The GIs in WWII used to have a saying when they abused a jeep by running it over a pothole or something: "Oh well, it's not my jeep."
Same thing with passwords: "Oh well, it's not my data."
in a related study (Score:2, Funny)
that jerk on the tour that told you chicks dig engineers was a lying bastard.
Social Engineering Still Best Way to Get Free Pen (Score:5, Insightful)
'Cause, you know
Until the people who ran this survey actually *test* their findings, their data isn't very valid.
Re:Social Engineering Still Best Way to Get Free P (Score:2, Funny)
Thinking: "Don't say Homer, don't say Homer."
Saying: "Homer!"
Employee Update (Score:5, Funny)
Re:Employee Update (Score:5, Funny)
stupid (Score:5, Insightful)
Re:stupid (Score:5, Interesting)
"Hi this is steve from the network operations center. we have been noticing that your machine has been accessing unapprove websites. I need to verify this is you. What is your login?"
"Ok thanks"
2 days later... "Hi this is dave from Information services, we are setting up a new internal website to make human resources files easier for you to access, claim forms and such.. what password would you like?"
9 times out of ten I will get their network login.
That is real social engineering... first harvest good usernames then go password harvesting.
Social engineering is much more subtle that you realize. hell I have in my wild youth had operators and even Telephone company techs give me access number passwords and account information without a second thought over the phone.
Social engineering is super easy if you know how to do it. and it makes life in general easier.
I can return any item to any store without a recipt, get a sale price on an item that is 3 days after the sale, or even get the $100.00 bill changed at that gas station that has 500 signs that say "no $50.00 or $100.00 bills!"
chances are that you will get Social engineered and never EVER know it.
my password... (Score:5, Interesting)
Easier to remember that way.
actually, for a lot of my passwords I use bad math - like "16x12=42" - the biggest problem I've seen from it is it screws up my ability to do math.
The worst password system I've seen is in the online banking system that BankOne uses (which also applies to the credit cards that they run).
It won't allow you to use certain characters on the keyboard - it forces them to be 6 (!!!) alphanumeric characters.
They might have changed their system since I last saw it - I cancelled my account and wrote them a letter telling them they were retarded when they implemented that.
Nothing like severely limiting the keyspace for making good security.
6 letter password (Score:2, Interesting)
I had an account with them too (long since canceled) and used the following password for it:
E6l7rs
Which, naturally, stands for "Exactly 6 le7ters".
Even with crappy restrictions, you can usually come up with something that's not going to be easil
Uh-uh (Score:2)
Re:my password... (Score:3, Funny)
On the other hand, after the account was gone, I decided I liked the sound of the password, so at least I got a new nick out of it.
cheers,
2short
Re:my password... (Score:5, Funny)
Sadly... (Score:4, Insightful)
and how is this different (Score:5, Insightful)
Why is salary and compensation secret ? I can remeber getting bonuses in front of people to HIGHLIGHT your work and effort and to illuminate to the rest of the staff that such things happened and extra effort was rewarded. Now we are told this is confidential information not to be discussed with anyone, SCREW YOU, we get tohether and compare notes all the time. If the company wants to play games and not pay based on solid criteria and reviews and performance, vs private negotiations then they had better be prepared to deal with the kind of environment that generates...
Secret salary info only helps employer (Score:3, Interesting)
Re:and how is this different (Score:2)
It soon won't be in the UK.
I can't remember when the law is changing (or if it has already changed) but to prevent descrimination between the salaries of men and women, companies will soon have to reveal how much people are paid to their employees.
I've always been of the opinion that it's in the long term interest of the company to be reasonably open about how much people are paid, so that the employees can see that people who work hard and work effectively for th
Discussing salaries is legally protected (Score:3, Informative)
Here are the details [smartpros.com].
And, btw, U.S. labor law protects concerted activity even if you aren't actively organizing a union.
Now that chrisd is gone ... (Score:5, Funny)
My computer password is:
- 12345
- jennajameson
- password
- Other, type here: _____________
- cowboyneal
Re:Now that chrisd is gone ... (Score:2)
How many people gave fake answers? (Score:3, Funny)
When I was in college, Sears was giving away cups if you applied for a credit card. My friends and I must have applied for 50 of them. Yes, my name is Hugh Ugly. And I live at 314 Pi Street.
There has to be some minimal standard ... (Score:3, Funny)
admission (Score:5, Insightful)
The number of things that I have to remember a fscking account name and password for in my life in insane.
To make it worse, at work the sysadmins decided that we have to change network passwords every two months!!
So, I have in my head a 'password pool' of my eight favourites, and continuously cycle through them. At worst, when I am trying to login to something I haven't used in awhile, I have to try at most eight times (usually four times). I admit this is bad.
Social engineering attacks work because the rate these systems are introduced (all with their own unique authentication scheme) vastly exceeds the rate of the human and society's ability to organize information.
Social engineering vs. Common Passwords. (Score:5, Informative)
Probably well over 50% of users use a common password within the top 10 category. (source silicon.com and Egg (UK bank))
Top 10 list:
1. Blank
2. password.
3. Cartoon(s).
4. Footbal team or player.
5. Pets.
6. Date of birth.
7. Girfriend name.
8. Something nasty; words like sex, fu** or prOn.
9. Sci-fi or fantasy (Gandalf, Yoda, etc.).
10. Company name.
Other common alternatives:
-Names on children
-qwerty and asdf
-Same password and login (root and root)
It's sad; but Joe-users are (generally) very ignorant about this problem.
Re:Social engineering vs. Common Passwords. (Score:3, Informative)
Re:Social engineering vs. Common Passwords. (Score:3, Funny)
The best password I've ever used (Score:4, Funny)
WHAT? (Score:4, Insightful)
Ok, so that's 47% of the company had a password that anyone could guess in 10 seconds! WHAT?? OK, I believe people are stupid, even REALLY stupid. But this I'm not sure I can believe. This study has to be tainted or something-- did they test all these passwords to make sure people weren't making them up? Seems to me that 90% of the people I know would lie about their password for a free pen.
This is of course assuming that nobody's name was password, or their birthdate was 4/9/ers or anything.
It all boils down to money (Score:2, Interesting)
Passwords themselves are bad social engineering (Score:5, Insightful)
The best passwords from a technical standpoint are the worst from a social standpoint - the average net user probably has to remember a dozen or so passwords, and obscure combinations of characters are just not going to be remembered by people in this information-overloaded environment.
I don't have a solution - but calling the users stupid certainly isn't one. Indeed, perhaps we're the ones not paying attention.
IT arrogance is part of the "social" here... (Score:5, Insightful)
At this point don't you think the "You are an idiot, I'm going to educate you," "awareness raising" security efforts by IT (and HR) people have basically failed? An irritatingly intrusive security approach combined with condescension to the users -- that should work, right? So let's force them to change passwords every month, but then chide them about writing down their passwords anywhere. Good idea. Makes things less secure, but as long as they're more secure in theory...
(I have a big plastic "pill" on my cabinet here; on the side is printed "A security breach is a tough pill to swallow. Your password is yours alone." This came from a major corporate IT department. Did they think an expensive internal advertizing campaign was the way to prevent people writing down passwords on post-its? These same people were behind dot-com advertizing, probably. Pretty lame.)
Good password algorithm (Score:5, Interesting)
I still remember one guys password, because when he left the company he told me what it was in case I needed any of the information locked up in his account. It was CIrpotb,
It was the first letter of every word in a line from Jeremy, by Pearl Jam. "Clearly I remember picking on the boy," I am sure the comma was thrown in for variety. The other rule of the algorithm is to have one thing that violates the algorithm.
Re:Good password algorithm (Score:3, Insightful)
The problem with first-letter of common phrase is that it can reduce the variability o
Re:Good password algorithm (Score:3, Insightful)
Indeed, it does seem like someone without a brain might sugegst such a bad idea.
The idea between locking out an account after a certain number of tries is a reasonable one. You want to make it impossible for an attacker to repeatedly try passwords. There are two big problems.
1. Who can try the password? Anyone with access to your web site? Great, anyone in the world can denial of service a
Story.... (Score:3, Interesting)
The point is here: both sysadmin and users need to know about good security. How can I as a user protect my account if the sysadmin is assigning unchangable joe passwords?
Perhaps... (Score:3, Insightful)
Maybe *gasp* Stallman was right after all?
Protection from cheaters (con men) is fine and dandy, but perhaps the structures that require that level of protection are the problem, and not the people who are unnaturally forced to conform to security standards they don't want to?
I get such a kick out of all these Slashdot geeks sitting back, smug that their anti-social, paranoid behaviour makes them less of a target for con-men trying to "score big," while completely ignoring the corrolary: A lack of cooperation or trust in general means you don't get to reap the benefits of normal socialization.
I'm not sure which person is more sad: The one who trustingly gives away meaningless "passwords" to systems that are flawed and poorly designed anyway, or the ones who think they are somehow superior for being paranoid nutjobs about things that Don't Really Matter.
Many of you seem to think your systems are the target of every smooth-talking "social engineer" out there--get over yourselves. Nobody is interested in getting access to your porn-ridden home directories.
Kevin Mitnick's book was an interesting read, but he wasn't describing social engineering, he was describing a con artist whose prize wasn't money, but the thrill of lying convincingly to otherwise normal people. This is an asset? What the hell man? Here's an analogy that pops into mind: I can walk up to someone and sucker-punch them in the gut. Even the most seasoned martial-artists can be taken in by a sucker-punch. So what?! Should we all wander around in an extreme state of combat readiness? Should I be crowing about my own superiority just because I can sucker-punch a Ninjitsu nth-degree blackbelt god?
I call bullshit. Bull-effin-shit.
Obvious password detector, 19 years later (Score:4, Interesting)
Would somebody please put this in Linux?
Sure - which of my 15 passwords? (Score:4, Interesting)
In my personal life, I have about half that. So yeah, I do use the same password in different places. But I usually have a "low" "medium" and "high" security password algorithm that I use. My more secure ones are up to 15 characters, my least secure are blank. (for dumb apps at work)
Managing passwords can get pretty cumbersome, but I do it because I know it needs to be done. Most people don't realize that.
I still remember working in the computer lab in college, and having to reset people's passwords daily because they would forget them. In true suave-geek fashion, every hot chick got her password changed to my name. (that never did work out the way I had hoped) :-)
We didn't have social engineers - we had auditors (Score:5, Interesting)
Screw that.... (Score:5, Interesting)
Not only would open accounting force a company to be honest about what it does financially, but it would also be a potential morale boost to the staff (and that's even when the company is down in the hole...openness means understanding and makes people work together). Plus it would put an end to the stupidity of male-female salary inequities...like work would mean like payment and any extra pay would have to be defended on the basis of what that person brings extra to the company, as it should be.
Does not always apply (Score:3, Interesting)
Do you think that there would be a morale increase when it becomes common knowledge that the owners unqualified son in a junior position is paid more then people with greater amounts of skill?
Or when the 2 highest paid employees ae the owner and his secretary (who is also his girl friend).
How about when the executives ge
MAKING password security people's priority (Score:5, Interesting)
I turned on strong password authentication when I was promoted.
Now they just leave the passwords on a post-it-note on their monitor and still share it with everyone else.
Don't solve human problems with technical measures. Solve them with human measures. Would you expect the HR department to set up the company network? Then you shouldn't try to control employees. Quick solution to your problem is to:
Problem solved. There is one caveat- you MUST make it easy for them to change their passwords. CLEARLY document how to do it, and even go so far as to set up a time when people can drop by your office/cube and get help changing their password, and you MUST give them proper time for
Free Karma? (Score:3, Funny)
Well, here in Canada... (Score:4, Funny)
I might as well also mention that we don't use passwords either. We don't really worry too much about crackers - most of them are just bored kids with nothing better to do.
Password anecdote (Score:5, Funny)
On one occasion, he was helping some newbie with something; and he allowed the guy to log into his account. Naively, the newbie asked for the password across the room; everyone else in the computer center listened up expecting a refusal.
But instead, this CS guy just started to tell his password "j3Y9_fg..." loudly; the newbie started to type. But the password just kept comming; it was up towards 50 completely random characters long!
It turned out that the system insisted on a changed password every month; but the default selection was the old password. Rather than coming up with something new every month, this guy had just added one more character every time. Of course, it is not too hard to memorize one more character per month month either.
Tor
Favourite password (Score:4, Funny)
Other good ones are 'obscure' and 'secret', always fun if someone asks you for the password.
-What's your password?
-It's obscure.
-Good, but what is it?
-I told you, it's obscure.
-OK, let's start at the top, what's your login?
-It's secret. No, really! No, not the comfy chair!
Re:Favourite password (Score:4, Funny)
-It's obscure.
-Good, but what is it?
-I told you, it's obscure.
-OK, let's start at the top, what's your login?
-It's secret. No, really! No, not the comfy chair!
I did a few similar things with root passwds on development boxen. My two favourites are 'no' and 'not today'.
I heard about a SysAdmin who wanted to change the pass-phrase[0] for their alarm system to "How should I know? I'm just trying to rob the place."
[0] The phrase you give the operator from the alarm company when they call after the alarm's gone off.
From Ross Anderson (Score:5, Insightful)
"In conclusion, the main thing we did wrong when designing ATM security systems in the early to mid 1980s was to worry about criminals being clever; we should rather have worried about our customers - the bank's system designers, implementers, and testers - being stupid."
Passwords are a bad idea anyhow. (Score:5, Insightful)
Remember, with great power comes great responsibility. The sad fact is most end users are not ready for such responsibility.
A cool trick (Score:4, Interesting)
Call up Me and Eds or Pizza Hut and tell them you want to order a pizza for delivery. Give them your phone number and name, and they will happily read you back their address. Then hang up.
-Pat
Re:My password? (Score:2)
Oh, you man 1-2-3-4-5 (homage to SpaceBalls).
Re:My password? (Score:2, Funny)
Re:Root password? (Score:2)
Re:What's the big deal with salary information? (Score:3, Interesting)