[CentOS] Server Hacked: Cpanel ++ News Article

Thu Aug 10 20:24:04 UTC 2006
Karl Balsmeier <karlski2004 at yahoo.com>

Apparently ours wasn't the only target then:

http://www.kake.com/home/headlines/3540076.html

These guys have been on a major campaign.

-krb



--- Bowie Bailey <Bowie_Bailey at BUC.com> wrote:

> William L. Maltby wrote:
> > On Wed, 2006-08-09 at 17:26 -0400, Bowie Bailey wrote:
> > > William L. Maltby wrote:
> > 
> > > The solution to that is a secure password manager.
> > > http://passwordsafe.sourceforge.net/
> > > 
> > > You just have to remember the one password and the program will
> > > track all of the rest for you.  This way you can use gibberish
> > > passwords for important sites such as online banking and you don't
> > > have to remember them or write them down anywhere.  The password
> > > database is encrypted using Twofish and SHA-256.
> > 
> > I don't care for that concept. One password cracked gives access to
> > all. I would rather take the admitted risk of writing them down (in
> > *my* scenario, rather secure at home) and referring to that when
> > needed.
> 
> True, but if you make that one a good one and use it only for that
> purpose, the risks are minimal.
> 
> > The ones I use frequently will be remembered. I don't use them on the
> > road at all, so that's reasonable. I prefer to not have passwords
> > stored on computers any more than necessary.
> 
> I don't think it's a problem to have the passwords stored on the
> computer.  Just make sure they're securely encrypted.
> 
> > No, I'll admit I fudge a *small* amount. Those who have access in my
> > home know Windows only, not Linux, and I have no shares with them.
> > They are TDU (Typical Dumb Users) and don't know how to use SSH,
> > FTP, ... or even how to find my comps on the LAN (no SMB node or
> > Domain Controllers here).
> > 
> > 
> > > The only real downside is that if you don't have access to the
> > > password manager, you don't have access to anything else either.
> > 
> > Well, I do consider "one password exposes all" a downside. But I
> > also grant that it is more secure than many alternatives.
> 
> You know what they say:
>     "You can put all your eggs in one basket, but WATCH THAT BASKET!"
> 
> As long as you are extremely careful with the access password, you
> shouldn't have a problem.  I will take this risk for the advantage of
> being able to easily use highly secure passwords.  For example, my
> online banking password is a sequence of random characters.  I don't
> have to remember it or type it.  If I didn't have a tool like this, I
> would have to either write it down somewhere or use a less-secure
> password that I could remember.
> 
> > > Oh...and don't forget to back up the password database! :)
> > 
> > I'm finalizing my LVM-based snapshots with aging of deleted files
> > right now, so I will be covered.
> 
> That works, but a simple backup copy to a floppy disk or external hard
> drive works as well.
> 
> > Thanks for the URL. I will go take a look. My mind is not yet rusted
> > closed even if (... *when*) I think I'm right! :-)
> 
> The creator of this tool is a rather paranoid security expert.  I
> figure if he is willing to use it, it's worth a look.
> 
> http://schneier.com/
> (note that the Password Safe information on that page refers to an
> older version that used Blowfish rather than Twofish)
> 
> -- 
> Bowie
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 


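The quoted exchange turns on one point: a password manager reduces everything to the master passphrase, so that passphrase has to survive an offline guessing attack against a stolen vault file. The following is an added example, written for this page and not code from the thread or from Password Safe itself. It shows the header side of such a design: a random salt, SHA-256 key stretching, and a stored verifier hash that lets the program reject a wrong passphrase without ever writing the stretched key to disk. The shape (hash of passphrase and salt, re-hashed a configurable number of times, plus a hash of the result as the verifier) and the 2048-round default are modelled on Password Safe's V3 file header as an assumption; the real program then encrypts the entries with Twofish, which the Python standard library does not provide, so that step is not shown. The function names and the candidate-passphrase list are constructed for the example.

```python
"""Master-passphrase stretching and verification for a password vault.

Added example, not code from the CentOS thread or from Password Safe.
The layout (salt, iterated SHA-256, verifier hash of the stretched key)
is modelled on the Password Safe V3 header as an assumption.  The
Twofish encryption of the entries themselves is not shown.
"""
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional


def stretch_key(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """Derive a 256-bit key: SHA-256(passphrase || salt), then re-hash the
    result `iterations` times.  Every round costs an attacker one extra
    SHA-256 call per guess, so the round count is the knob that slows an
    offline attack on a stolen vault file."""
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    key = hashlib.sha256(passphrase.encode("utf-8") + salt).digest()
    for _ in range(iterations):
        key = hashlib.sha256(key).digest()
    return key


def make_header(passphrase: str, iterations: int = 2048,
                salt: Optional[bytes] = None) -> Dict[str, object]:
    """Build what the vault file stores: the salt, the round count and
    SHA-256 of the stretched key.  The stretched key itself is never
    written; only its hash is, so the file can tell a right passphrase
    from a wrong one without handing the key to whoever reads the file.
    The 2048-round default is an assumption for this example."""
    salt = os.urandom(32) if salt is None else salt
    key = stretch_key(passphrase, salt, iterations)
    return {
        "salt": salt,
        "iterations": iterations,
        "verifier": hashlib.sha256(key).digest(),
    }


def unlock(header: Dict[str, object], passphrase: str) -> Optional[bytes]:
    """Re-derive the key from a candidate passphrase and compare its hash
    with the stored verifier in constant time.  Returns the key on
    success (this is what would decrypt the entries) or None on failure."""
    key = stretch_key(passphrase, header["salt"], header["iterations"])
    if hmac.compare_digest(hashlib.sha256(key).digest(), header["verifier"]):
        return key
    return None


def offline_guess(header: Dict[str, object],
                  candidates: Iterable[str]) -> Optional[str]:
    """What an attacker holding a copy of the vault can do: run each
    candidate through the same stretching until the verifier matches.
    There is no lockout and no network round-trip; only the stretching
    cost and the passphrase's own entropy stand in the way."""
    for cand in candidates:
        if unlock(header, cand) is not None:
            return cand
    return None


if __name__ == "__main__":
    # Constructed demonstration: a guessable master passphrase falls to a
    # short wordlist, a random one does not.
    wordlist = ["123456", "password", "letmein", "password1"]
    weak = make_header("password1", iterations=256)
    strong = make_header("gR7!mq2#vL9^Wq", iterations=256)
    print("weak master passphrase recovered:", offline_guess(weak, wordlist))
    print("strong master passphrase recovered:", offline_guess(strong, wordlist))
```

The verifier hash is what lets the program say "wrong passphrase" quickly, but it also gives an attacker the same oracle, which is why the salt (defeating precomputed tables) and the round count (raising per-guess cost) matter; neither substitutes for a master passphrase with real entropy, which is the point Bowie makes above.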