[CentOS] an actual hacked machine, in a preserved state

Tue Jan 3 22:10:59 UTC 2012
Pete Travis <lists at petetravis.com>

Here's the qualifying statement I made, in an attempt to preempt pedantic
squabbles over my choice of arbitrary figures and oversimplified math:
> > I am not a statistician,  but

Here is a statement intended to startle you into re-examining your position:
> > Simplistic probability puts the odds of success
> > at 50% - either the attacker gets it right, or they don't.

Here's the intended take home message:
> >The next guess has the same
> > rough odds of being correct as the 100563674th guess.
>

Yes, you have to worry about a brute force attack succeeding, every hour of
every day that you give it a window to knock on.

Here is you nitpicking over figures; acknowledging the opportunity for an
improvement of several orders of magnitude and disregarding it, stuck in
your misconceptions; and wholly missing the point.
> Actually, each time you make a guess and it's wrong, the probability of
> success goes up slightly for your next guess.  Imagine having 10 cups
> with a ball under one of them.  The probability of turning over the
> right cup on the first try is 1/10.  If you're wrong, though, then the
> probability of getting it right on the next cup goes up to 1/9, and so on.
>
> But it's all a moot point if there are 10^24 possible passwords and the
> odds of finding the right one in any conceivable length of time are
> essentially zero.
>
> > Of course, no amount of guessing will succeed on a system that doesn't
> > accept passwords.   System security, in terms of probability, seems to
be
> > an 'every little bit helps' sort of endeavour.
>
> Well it depends on how literally you mean "every little bit" :)  If the
> chance of a break-in occurring in the next year from a given attack is 1
> in 10^10, you can reduce it to 1 in 10^20, but it's already less likely
> than your data center being hit by a meteorite.  The real problem is
> that it takes away from time that can be used for things that have a
> greater likelihood of reducing the chance of a break-in.  If I had taken
> the advice about ssh keys at the beginning of the thread, I never would
> have gotten to the suggestion about SELinux.
>
> Bennett
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

I'm moving on from this - much better men than I have tried and failed here.