[CentOS] Unknown rootkit causes compromised servers

David Thompson thomas at cs.wisc.edu
Tue Jan 29 15:01:13 UTC 2008


"Michael A. Peters" wrote:
>> 
>> I have never understood this.  If I have a good, strong password that nobody
>> knows, how is changing it to another one an improvement over what I already
>> have?
>
>I agree with you.

For user accounts, changing one strong password for another gains you nothing, 
and may cause people to start writing things down, or choosing trivial 
passwords which still meet the password strength criteria, or whatever, 
actually weakening security.

However, if you have admins who come into or leave employment, changing 
privileged account passwords (read: root or equiv) is a necessary activity.

Cheers,

Dave Thompson
UW-Madison



