[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Found, a new rootkit



On Friday 31 March 2006 19:42, John Summerfield wrote:
>Craig White wrote:
>> it's actually the fault of the admins who don't use any password
>> checking mechanisms, but I suppose that it's more feasible to blame
>> stupid users...of course, I would never do such a thing  ;-)
>
>There is quite a deal of well-reasoned debate about what constitutes a
>good password.
>
>First, one needs to be able to remember it without writing it down.
> This meets Windows AD complexity requirements,
>
>10:72:94:e5:64:d5:68:51:d1:55:c0:2b:e5:4e:7f:fa
>
>but I defy anyone to remember it any time soon!
>
>"bismcoles" would probably be easy for Bill Smith to remember, and
> would certainly defy any dictionary attack. As would
> "bluewatermelon."
>
>The expect package has a password generator that creates passwords
> like this, but again they're hard to remember: "et3tUfGd."
>
>
>A reasonable security system would shut down the login process for a
>time after some number of consecutive failed login attempts. It's a
> rule that's been around for a long time, it's even in Linux, but
> implemented poorly.

And how does one go about turning that option on, with say a 15 minute 
timeout?
-- 
Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules.  I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]