If anyone is using the Blackboard brand of courseware, I'd like to
The problem is the system security setup. To prevent hacking, it will
disable an account after three failed login attempts. This is, of
course, designed to foil any attempt to guess passwords. We're trying
to explain to our IS staff A) how annoying this is, and B) how they've
set themselves up for a huge denial-of-service attack. Any disgruntled
student could decide to lockout accounts for all of his instructors and
the entire class just by entering their usernames and taking a bad
guess at their passwords.
Has anyone seen this "security feature" abused?
From email@example.com Tue Sep 2 15:24:25 2003