attack 2
John Summerfied
debian at herakles.homelinux.org
Fri May 13 01:12:47 UTC 2005
James Wilkinson wrote:
> grim wrote:
>
>>if the passwords are as weak as roland's seems to be the
>>'PermitRootLogin no'-option is only a little barrier. instead of one pw
>>the attacker has to get two passwords.
>
>
> And a username. Depending on the attacker and the site, that may or may
> not be trivial.
>
> At least some of the boxes I look after with SSH running have usernames
> that don't appear in dictionaries or Google, and aren't widely known
> outside the company. It means that an attacker has to get to know one of
> the users.
Do they appear in email addresses?
>
> They're not really "another password", but they're another hoop for
> people to jump through.
TPG (an Oz IAP) had niterider dialup accounts for a while, free of
charge but usage mindnight to dawm. I signed up for seven hours a day of
downloading whatever I wanted for free. I used the password generator in
expect to generate both my user name and password:-)
--
Cheers
John
-- spambait
1aaaaaaa at computerdatasafe.com.au Z1aaaaaaa at computerdatasafe.com.au
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
More information about the fedora-list
mailing list