[CentOS] Another Fedora decision

Thu Feb 5 18:59:47 UTC 2015
Lamar Owen <lowen at pari.edu>

On 02/05/2015 10:34 AM, Always Learning wrote:
> On Thu, 2015-02-05 at 09:51 -0500, Lamar Owen wrote:
>
>> Those crackers who build these botnets are the ones who rent out 
>> botnet time to people who just was to get the work done. There is a 
>> large market in botnet time. 
> Surely its time for the Feds to arrest and change them ?

The Feds in which country?

> Gee thanks. I'll use it for root on every server ;-) 

Do note that now that it has been posted to a public list, while it was 
safe while unpublished, it would not be safe in the future.  I have in 
my possession a file of passwords from a compromised server here, from 
several years ago.  This was part of one of the slow-bruteforcer 
networks out there, and is one reason we now whitelist only needed 
outbound connections on port 22 and block all others on our two internet 
connections.

Incidentally, this particular slow bruteforcer didn't need root to 
operate.  The password list has about 65,000 passwords in it, some of 
which would have been considered strong passwords.  Well, until they 
made the list.  Your password is just about guaranteed to be on future 
lists.....

However, another password with similar characteristics would be fine.  
You just never want to use it on more than one server to be safe.....