Main security threats

Brute force


Fig. 1 Time to brute force a password as a function of length and complexity. Credit:


Fig. 2 Same as Fig. 1. Credit: Hive Systems with data sourced from

Example of hacked passwords














Fig. 3 The 2019 annual SplashData password survey revealed the most common passwords from 2015 to 2019.

Credential stuffing

Traffic Interception (http, unsecured Wi-Fi)


Fig. 4 Percentage of websites using security certificates. Source

Social engineering

Social engineering is the psychological manipulation of people into performing actions or divulging confidential information (source: Wikimedia).

Phishing example


Fig. 5 Always hover over the link to reveal its destination before clicking.


Fig. 6 Check the email address of the sender (not just the displayed name).


Fig. 7 Also check if the email was sent to you or to lists of people that are totally irrelevant.

Checking an email header


Fig. 8 Show the raw header of an email on the Zimbra webmail.


Fig. 9 Carefully inspect the origin of the email.
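
The checks from Fig. 6, 7 and 9 can also be run on the raw header text. The following Python code is an added example, not part of the original slides; the header is constructed, and all addresses, host names and function names are assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample header (not a real message); all names and domains are made up.
RAW_HEADER = """\
Return-Path: <bounce@example.net>
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby mail.lab.example with ESMTP; Mon, 03 Jun 2024 09:12:44 +0200
Received: from unknown (host-203-0-113-7.example.net [203.0.113.7])
\tby mx.example.org with SMTP; Mon, 03 Jun 2024 09:12:40 +0200
From: "IT Support <support@lab.example>" <helpdesk@example.net>
Reply-To: recovery@example.com
To: undisclosed-list@example.net
Subject: Your mailbox is full

"""

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def check_header(raw, my_address):
    """Return (warnings, origin) for the checks shown in Fig. 6, 7 and 9."""
    msg = message_from_string(raw)
    warnings = []
    display, sender = parseaddr(msg.get("From", ""))
    # Fig. 6: the displayed name may show an address that is not the real sender.
    shown = parseaddr(display)[1]
    if "@" in shown and domain(shown) != domain(sender):
        warnings.append(f"display name shows {shown} but sender is {sender}")
    # Replies or bounces routed to a domain other than the sender's (exact match only).
    for field in ("Reply-To", "Return-Path"):
        other = parseaddr(msg.get(field, ""))[1]
        if other and domain(other) != domain(sender):
            warnings.append(f"{field} domain {domain(other)} differs from sender domain")
    # Fig. 7: was the message actually addressed to you?
    rcpts = [a.lower() for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    if my_address.lower() not in rcpts:
        warnings.append("your address is not in To or Cc")
    # Fig. 9: the last Received line is the first hop, closest to the origin.
    hops = msg.get_all("Received", [])
    origin = " ".join(hops[-1].split()) if hops else ""
    return warnings, origin
```

A warning is a reason to look closer, not proof of phishing: legitimate mailing lists and bulk senders also use different Reply-To or Return-Path domains.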

Signal spam


Fig. 10 Take the time to report any malicious emails as spam. This will help the community fight them.



If your APC email is compromised, the attackers will:

  1. send a massive amount of spam from it => the mail servers of IN2P3 will be blacklisted :(

  2. send targeted emails with links or attachments to infect a work computer => then use it as a foothold inside the internal IT infrastructure to infect more machines and potentially do a lot of harm

Commercial websites

If your password has been hacked, the attackers will try it on every commercial website, such as Amazon, eBay, etc., to buy something on your behalf.