On 12/6/2011 7:12 PM, Les Mikesell wrote:
2011/12/6 Fajar Priyanto <fajarpri@arinet.org>:
I happen to have a copy of an older brute-forcer dictionary here (somewhere) and it's very large and has lots of very secure-seeming passwords in it.
Why not disallow root login via ssh? That's basic yet effective.
This particular brute-forcer didn't require root access to spread.
It can work under a normal user without root....
You miss my point.
I'd expect it to be at least typical to firewall direct ssh access from the internet.
This thread is mostly speculation. My 'other speculation' is that this 'could have been' a disgruntled employee. Someone that had root and also a user on the system. It 'could have been' that the user was not removed and the root pass not changed. Simple as that.... no break-in per se, but just bad policies. If they were a couple of versions back on updates, there were other bad policies... but I think we 'speculated' on that as well?
Further 'speculation' on this is just more CentOS list garbage unless someone can provide details on what exactly did happen. More than likely some inside C&C do have ideas, but are likely too embarrassed to say it.
Humans are lazy if they can be. Over time, complacent. Look at Xbox. Now this. And even if you do run a perfect system, just like with a new virus... somebody has to get it first to turn it in for a signature to be written. A certain number of people will get that virus.... a certain number of servers will get exploited before patches are issued and the delay of putting them into place. Black hats work just as hard as gray hats and white hats and maybe harder.
You will never stop crime... you will never stop terrorism... you can only do what you can to limit it without bankrupting yourself (in time or money) in the process, and try to be prepared for when it hits.
So, when is CentOS 7.0 going to be ready? ;)
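The "basic yet effective" advice quoted above (no root login over ssh) is easy to state and easy to get wrong in practice, because sshd keeps the first value of a directive it sees and an absent directive falls back to the default. The following audit script is an added example written for this thread, not code from any of the posters; it assumes OpenSSH's sshd_config syntax (one "Key value" per line, '#' comments, case-insensitive keys, first occurrence wins) and uses two constructed sample configs rather than a real host's file.

```shell
#!/bin/sh
# Added example (not from the thread): audit an sshd_config text for whether
# root may authenticate over ssh, plus whether password auth is still on.
# Assumes OpenSSH sshd_config syntax: "Key value" lines, '#' starts a comment,
# keys are case-insensitive, and the FIRST occurrence of a key is the one used.

# Constructed sample configs for demonstration only.
weak_config='# constructed sample: root login left enabled
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
'
# The trailing "PermitRootLogin no" above is ignored by sshd: first value wins.

hardened_config='# constructed sample: root login off, keys only
Port 22
PermitRootLogin no
PasswordAuthentication no
'

# Print the effective value of a directive from a config passed as a string.
sshd_effective() {
  key="$1"; config="$2"
  printf '%s\n' "$config" | awk -v key="$key" '
    /^[[:space:]]*#/ { next }                       # skip comment lines
    tolower($1) == tolower(key) { print $2; exit }  # first match wins
  '
}

# Return 0 (true) if the config lets root authenticate over ssh at all.
# An absent directive counts as allowed: OpenSSH of the CentOS 5/6 era
# defaults PermitRootLogin to "yes" (upstream changed that only in 7.0).
sshd_allows_root() {
  val=$(sshd_effective PermitRootLogin "$1")
  case "${val:-yes}" in
    no) return 1 ;;
    *)  return 0 ;;   # yes, without-password, forced-commands-only
  esac
}

# One-line summary of the two settings for an audit log.
sshd_summary() {
  root=$(sshd_effective PermitRootLogin "$1")
  pw=$(sshd_effective PasswordAuthentication "$1")
  printf 'PermitRootLogin=%s PasswordAuthentication=%s\n' \
    "${root:-unset}" "${pw:-unset}"
}

# Report a verdict for a named sample config.
report() {
  name="$1"; cfg="$2"
  if sshd_allows_root "$cfg"; then verdict=ALLOWED; else verdict=blocked; fi
  printf '%s: root login %s (%s)\n' "$name" "$verdict" "$(sshd_summary "$cfg")"
}

report weak_config "$weak_config"
report hardened_config "$hardened_config"
# On a live host: report live "$(cat /etc/ssh/sshd_config)"
```

The weak sample reports root login ALLOWED even though a "PermitRootLogin no" line is present further down, which is exactly the kind of mistake a quick grep for "PermitRootLogin no" would miss; checking the effective value, not the presence of a line, is what matters.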