[CentOS] Server Hacked: Cpanel ++ News Article
Karl Balsmeier
karlski2004 at yahoo.com
Thu Aug 10 20:24:04 UTC 2006
Apparently ours wasn't the only target then:
http://www.kake.com/home/headlines/3540076.html
These guys have been on a major campaign.
-krb
--- Bowie Bailey <Bowie_Bailey at BUC.com> wrote:
> William L. Maltby wrote:
> > On Wed, 2006-08-09 at 17:26 -0400, Bowie Bailey wrote:
> > > William L. Maltby wrote:
> >
> > > The solution to that is a secure password manager.
> > > http://passwordsafe.sourceforge.net/
> > >
> > > You just have to remember the one password and the program will track
> > > all of the rest for you. This way you can use gibberish passwords for
> > > important sites such as online banking and you don't have to remember
> > > them or write them down anywhere. The password database is encrypted
> > > using Twofish and SHA-256.
> >
> > I don't care for that concept. One password cracked gives access to all.
> > I would rather take the admitted risk of writing them down (in *my*
> > scenario, rather secure at home) and referring to that when needed.
>
> True, but if you make that one a good one and use it only for that
> purpose, the risks are minimal.
>
> > The ones I use frequently will be remembered. I don't use them on the
> > road at all, so that's reasonable. I prefer to not have passwords stored
> > on computers any more than necessary.
>
> I don't think it's a problem to have the passwords stored on the
> computer. Just make sure they're securely encrypted.
>
> > No I'll admit I fudge a *small* amount. Those who have access in my home
> > know Windows only, not Linux and I have no shares with them. They are
> > TDU (Typical Dumb Users) and don't know how to use SSH, FTP, ... or even
> > how to find my comps on the LAN (now SMB node or Domain Controllers
> > here).
> >
> >
> > > The only real downside is that if you don't have access to the
> > > password manager, you don't have access to anything else either.
> >
> > Well, I do consider the one password exposes all a downside. But I also
> > grant that it is more secure than many alternatives.
>
> You know what they say:
> "You can put all your eggs in one basket, but WATCH THAT BASKET!"
>
> As long as you are extremely careful with the access password, you
> shouldn't have a problem. I will take this risk for the advantage of
> being able to easily use highly secure passwords. For example, my
> online banking password is a sequence of random characters. I don't
> have to remember it or type it. If I didn't have a tool like this, I
> would have to either write it down somewhere or use a less-secure
> password that I could remember.
>
> > > Oh...and don't forget to back up the password database! :)
> >
> > I'm finalizing my LVM-based snapshots with aging of deleted files right
> > now, so I will be covered.
>
> That works, but a simple backup copy to a floppy disk or external hard
> drive works as well.
>
> > Thanks for the URL. I will go take a look. My mind is not yet
> > rusted closed even if (... *when*) I think I'm right! :-)
>
> The creator of this tool is a rather paranoid security expert. I
> figure if he is willing to use it, it's worth a look.
>
> http://schneier.com/
> (note that the Password Safe information on that page refers to an
> older version that used Blowfish rather than Twofish)
>
> --
> Bowie