Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You can rate limit individual users but password spray attacks use a large number of accounts to remain undetected in a authentication system used by an even more users.


{rolls eyes}

This is precisely the kind of 1990's level basic heuristic that this company cites as part of their Sentinel security system.

Trying to excuse a breach by 'the attacker tried a few passwords against lots of different accounts' is not compelling.


We are getting 10000x times the number of wrong passwords than average, I'm sure it's nothing to worry about.


It was a legacy test system connected to a production system so it doesn't count. Obviously. /s




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: