[CentOS] an actual hacked machine, in a preserved state

Les Mikesell lesmikesell at gmail.com
Wed Jan 4 22:30:33 UTC 2012


On Wed, Jan 4, 2012 at 4:13 PM, Markus Falb <markus.falb at fasel.at> wrote:
>>
>> To be absolutely clear: Do you, personally, believe there is more than a
>> 1 in a million chance that the attacker who got into my machine, got it
>> by brute-forcing the password?
>
> I think it was Lamar trying to point out that statistics and
> probabilities are not applicable to the single individuum (at least not
> to lotterie players or captains of big vessels)

And the last post was more to the point that there have been earlier
exploits that could have permitted access to the shadow file even if
those are currently fixed with updates.  And there are lots of other
ways to steal a password.  Whether it was brute-forced or not is
mostly irrelevant.  It is reusable and you don't know if someone else
has it.

-- 
   Les Mikesell
     lesmikesell at gmail.com



More information about the CentOS mailing list