Security basics
Jonathan Underwood
jonathan.underwood at gmail.com
Wed Oct 3 20:18:21 UTC 2007
On 03/10/2007, Karl Larsen <k5di at zianet.com> wrote:
> I have sure heard a LOT about security updates and I have had my own
> problems. For years I thought the only thing necessary was a good root
> password. This year I found out with ssh around you need a good password
> for your own login name. My problem was caused by having a super poor
> login password which was my last name. Since the login name was karl it
> followed.
>
> Fixed that problem with a real hard password for karl and root has a
> changable hard password. In my olden working days we had safes for State
> Secrets and they had what were called "one hour" locks and 30 minute
> burn protection. We changed the combination every 6 months. Drove me bats!
>
> So the question is this: If I have passwords that are safe for an
> hour, is not my computer safe from tampering? I guess the Internet could
> send you a file that works to discover passwords and then emails them to
> the sender? But this is hard to do.
Have a read of this:
http://www.la-samhna.de/library/brutessh.html
Jonathan.
ps. You did erase and reinstall your system after it was compromised, right?
More information about the fedora-list
mailing list