[CentOS] Unknown rootkit causes compromised servers
David Thompson
thomas at cs.wisc.edu
Tue Jan 29 15:01:13 UTC 2008
"Michael A. Peters" wrote:
>>
>> I have never understood this. If I have a good, strong password that nobody
>> knows, how is changing it to another one an improvement over what I already
>> have?
>
>I agree with you.
For user accounts, changing one strong password for another gains you nothing,
and may cause people to start writing things down, or choosing trivial
passwords which still meet the password strength criteria, or whatever,
actually weakening security.
However, if you have admins who come into or leave employment, changing
privileged account passwords (read: root or equiv) is a necessary activity.
Cheers,
Dave Thompson
UW-Madison
More information about the CentOS
mailing list