[CentOS] an actual hacked machine, in a preserved state

Tue Jan 3 20:23:08 UTC 2012
m.roth at 5-cent.us <m.roth at 5-cent.us>

Whoops, sorry, thought this was offlist.

      mark, not reading closely enough.

m.roth at 5-cent.us wrote:
> Ljubomir,
>
> Ljubomir Ljubojevic wrote:
>> On 01/03/2012 04:47 PM, m.roth at 5-cent.us wrote:
>>> Having been on vacation, I'm coming in very late in this....
>>>
>>> Les Mikesell wrote:
>>>> On Tue, Jan 3, 2012 at 4:28 AM, Bennett Haselton <bennett at peacefire.org> wrote:
>>> <snip>
>>>>> OK but those are *users* who have their own passwords that they have
>>>>> chosen, presumably.  User-chosen passwords cannot be assumed to be
>>>>> secure against a brute-force attack.  What I'm saying is that if
>>>>> you're the only user, by my reasoning you don't need fail2ban if
>>>>> you just use a 12-character truly random password.
>>>>
>>>> But you aren't exactly an authority when you are still guessing about
>>>> the cause of your problem, are you?  (And haven't mentioned what your
>>>> logs said about failed attempts leading up to the break in...).
>>>
>>> Further, that's a ridiculous assumption. Without fail2ban, or something
>>> like it, they'll keep trying. You, instead, Bennett, are presumably
>>> generating that "truly random" password[1] and assigning it to all your
>>> users[2], and not allowing them to change their passwords, and you will
>>> be changing it occasionally and informing them of the change.[3]
>>>
>>> Right?
>>>
>>> 1. How will you generate "truly random"? Clicks on a Geiger counter?
>>> There is no such thing as a random number generator.
>>> 2. Which, being "truly random", they will write down somewhere, or store
>>> it on a key, labelling the file "mypassword" or some such.
>>> 3. How will you notify them of their new password - in plain text?
>>
>> Bennett was/is the only one using those systems, and only as root. No
>
> Ohhhh....
>
>> additional users existed prior to breach. And he is very persistent in
>> placing his own opinion/belief above those he asks for help. That is why
>
> So he's not only not wanting to accept that he blew it, but wants
> "validation" for that wrongheadedness.
>
>> we have such a long long long thread. It came to the point where I am
>> starting to believe him being a troll. Not sure yet, but it is getting
>> there.
>
> As long as no one's giving him support in his ideas, he's now got someone
> outside himself (and the intruder) to be against. Just like the US right
> wing....
>>
>> I am writing this for your sake, not his. I decided to just watch from
>> now on. This thread WAS very informative, I did learn A LOT, but enough is
>> enough, and I spent far too much time reading this thread.
>
> Thanks for the offlist email. Happy new year to you.
>
>       mark