Re: what percent of time are there unpatched exploits against default config?




On 12/30/2011 11:02 PM, Alex Milojkovic wrote:
> I think the best password policy is the one you've never told anyone and never posted on a public mailing list.
> 
> How many of you out there know of cases where administrators' passwords were compromised by brute force?
> Can we take a count of that?

I know of plenty ... people contact security@xxxxxxxxxx all the time
after having their machines compromised by brute force.

Here are a couple of articles for you to read:

http://www.gtri.gatech.edu/casestudy/Teraflop-Troubles-Power-Graphics-Processing-Units-GPUs-Password-Security-System

http://www.pcpro.co.uk/blogs/2011/06/01/how-a-cheap-graphics-card-could-crack-your-password-in-under-a-second/

> 
> I believe in passwords. I don't believe in PKI. 
> It's a lot more likely that I will forget my laptop somewhere, or that someone will steal my USB key than that someone will guess my password and have opportunities to try it.
> PKI is convenience and if your password is 20-30 characters it will take a long time to break it.
> 
> Password crack estimator
> http://www.mandylionlabs.com/documents/BFTCalc.xls
> 
> Spreadsheet is safe (take my word for it) ha, ha
> 
> Scenario of botnet with 1000 PCs making attempts to crack a password ain't gonna happen.

You don't need a botnet of 1000 PCs ... you only need a couple of
graphics cards.

> 
> 
> -Alex


Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
