[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Intrusion Update




On Mon, 30 Mar 2009, Mike McGrath wrote:

> For those not on the announce list:
>
> https://www.redhat.com/archives/fedora-announce-list/2009-March/msg00010.html
>

Oh!  I forgot something too, I've been waiting for this to go out so we
could discuss authentication mechanisms.  Passwords + ssh keys just aren't
the most secure method of authentication.  Our policy on private keys is
pretty clear now but there's always room for improvement.

So I'm not quite sure how to 'fix' this problem.  By that I mean, even if
we knew this attack was going to happen I'm not totally sure of a feasible
solution, using only free software, that we could have used to fix it.
Obviously a physical rsa key or the like would have worked but I don't
think we have the manpower nor budget to implement such a system.  So I
ask the list, any ideas?

	-Mike


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]