[CentOS] an actual hacked machine, in a preserved state

m.roth at 5-cent.us m.roth at 5-cent.us
Tue Jan 3 20:05:03 UTC 2012


Ljubomir,

Ljubomir Ljubojevic wrote:
> On 01/03/2012 04:47 PM, m.roth at 5-cent.us wrote:
>> Having been on vacation, I'm coming in very late in this....
>>
>> Les Mikesell wrote:
>>> On Tue, Jan 3, 2012 at 4:28 AM, Bennett Haselton <bennett at peacefire.org>
>>> wrote:
>> <snip>
>>>> OK but those are *users* who have their own passwords that they have
>>>> chosen, presumably.  User-chosen passwords cannot be assumed to be
>>>> secure against a brute-force attack.  What I'm saying is that if
>>>> you're the only user, by my reasoning you don't need fail2ban if
>>>> you just use a 12-character truly random password.
>>>
>>> But you aren't exactly an authority when you are still guessing about
>>> the cause of your problem, are you?  (And haven't mentioned what your
>>> logs said about failed attempts leading up to the break in...).
>>
>> Further, that's a ridiculous assumption. Without fail2ban, or something
>> like it, they'll keep trying. You, instead, Bennett, are presumably
>> generating that "truly random" password[1] and assigning it to all your
>> users[2], and not allowing them to change their passwords, and you will
>> be changing it occasionally and informing them of the change.[3]
>>
>> Right?
>>
>> 1. How will you generate "truly random"? Clicks on a Geiger counter?
>> There is no such thing as a random number generator.
>> 2. Which, being "truly random", they will write down somewhere, or store
>> it on a key, labelling the file "mypassword" or some such.
>> 3. How will you notify them of their new password - in plain text?
>
> Bennett was/is the only one using those systems, and only as root. No

Ohhhh....

> additional users existed prior to breach. And he is very persistent in
> placing his own opinion/belief above those he asks for help. That is why

So he's not only not wanting to accept that he blew it, but wants
"validation" for that wrongheadedness.

> we have such a long long long thread. It came to the point where I am
> starting to believe him being a troll. Not sure yet, but it is getting
> there.

As long as no one's giving him support in his ideas, he's now got someone
outside himself (and the intruder) to be against. Just like the US right
wing....
>
> I am writing this for your sake, not his. I decided to just watch from
> now on. This thread WAS very informative, I did learn A LOT, but enough is
> enough, and I spent far too much time reading this thread.

Thanks for the offlist email. Happy new year to you.

      mark



