[CentOS] Unknown rootkit causes compromised servers
Johnny Hughes
johnny at centos.org
Tue Jan 29 18:41:27 UTC 2008
David Thompson wrote:
> "Michael A. Peters" wrote:
>>> I have never understood this. If I have a good, strong password that nobody
>>> knows, how is changing it to another one an improvement over what I already
>>> have?
>> I agree with you.
>
> For user accounts, changing one strong password for another gains you nothing,
> and may cause people to start writing things down, or choosing trivial
> passwords which still meet the password strength criteria, or whatever,
> actually weakening security.
>
> However, if you have admins who come into or leave employment, changing
> privileged account passwords (read: root or equiv) is a necessary activity.
>
I disagree with this too, changing one strong password for another gains
you plenty if someone has compromised the initial one.
The purpose of changing strong passwords is so that if someone has been
fortunate enough to use some kind of method to get a password, they
loose access again after the new password change and have to start over
at the beginning to get back in.
This gains you plenty if someone who is unauthorized losses access.
If you are dealing with regular users, Bill will give Ted a password for
one item when Bill goes on vacation since it is much easier than
getting the IT weenies to change the access that Ted has ... besides he
only needs to login one time while Bill is on vacation. However, if
Bill never has to change his password then Ted has Bill's access forever.
Then of course there is the brute force guessing, etc.
Changing passwords at regular intervals is more secure than keeping the
same passwords.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20080129/2a135835/attachment.sig>
More information about the CentOS
mailing list