
Re: Found, a new rootkit



Craig White wrote:

> it's actually the fault of the admins who don't use any password
> checking mechanisms, but I suppose that it's more feasible to blame
> stupid users...of course, I would never do such a thing  ;-)

There is quite a deal of well-reasoned debate about what constitutes a good password.

First, one needs to be able to remember it without writing it down. This meets Windows AD complexity requirements,

10:72:94:e5:64:d5:68:51:d1:55:c0:2b:e5:4e:7f:fa

but I defy anyone to remember it any time soon!

"bismcoles" would probably be easy for Bill Smith to remember, and would certainly defy any dictionary attack. As would "bluewatermelon."

The expect package has a password generator that creates passwords like this, but again they're hard to remember: "et3tUfGd."


A reasonable security system would shut down the login process for a time after some number of consecutive failed login attempts. It's a rule that's been around for a long time, it's even in Linux, but implemented poorly.
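
The lockout rule mentioned in the last paragraph, as an added example that is not part of the original post: a per-account counter of consecutive failures that refuses logins for a fixed time once a threshold is reached. The class name, thresholds, account names and sample events are all constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class LoginThrottle:
    """Temporary lockout after N consecutive failed logins (values are assumptions)."""
    max_failures: int = 5
    lockout_seconds: float = 300.0
    _failures: dict = field(default_factory=dict)      # account -> consecutive failures
    _locked_until: dict = field(default_factory=dict)  # account -> unlock time

    def is_locked(self, account, now):
        until = self._locked_until.get(account)
        if until is None:
            return False
        if now >= until:
            # Lockout expired: clear it and start counting afresh.
            del self._locked_until[account]
            self._failures.pop(account, None)
            return False
        return True

    def attempt(self, account, password_ok, now):
        """Return 'locked', 'ok' or 'denied' for one login attempt at time `now`."""
        if self.is_locked(account, now):
            # Refuse without consulting the password result, so a guess made
            # during the lockout learns nothing, even if it is correct.
            return "locked"
        if password_ok:
            self._failures.pop(account, None)  # success resets the streak
            return "ok"
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        if count >= self.max_failures:
            self._locked_until[account] = now + self.lockout_seconds
        return "denied"


def replay(events, throttle=None):
    """Run (time, account, password_ok) events through a throttle."""
    throttle = throttle or LoginThrottle(max_failures=3, lockout_seconds=60)
    return [throttle.attempt(acct, ok, t) for t, acct, ok in events]


# Constructed sample events: (seconds, account, password_ok)
SAMPLE = [
    (0, "user_a", False), (1, "user_a", False),
    (2, "user_a", False),   # third consecutive failure: locked until t=62
    (3, "user_a", True),    # correct password, but the account is still locked
    (10, "user_b", True),   # other accounts are unaffected
    (62, "user_a", True),   # lockout has expired
]
```

Because the lock is keyed on the account alone, anyone who knows a username can lock its owner out by failing on purpose, so deployments often key on the source address as well.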

