Security basics

Wed Oct 3 20:18:21 UTC 2007

On 03/10/2007, Karl Larsen <k5di at zianet.com> wrote:
>     I have sure heard a LOT about security updates and I have had my own
> problems. For years I thought the only thing necessary was a good root
> password. This year I found out with ssh around you need a good password
> for your own login name. My problem was caused by having a super poor
> login password which was my last name. Since the login name was karl it
> followed.
>
>     Fixed that problem with a real hard password for karl and root has a
> changable hard password. In my olden working days we had safes for State
> Secrets and they had what were called "one hour" locks and 30 minute
> burn protection.  We changed the combination every 6 months. Drove me bats!
>
>      So the question is this: If I have passwords that are safe for an
> hour, is not my computer safe from tampering? I guess the Internet could
> send you a file that works to discover passwords and then emails them to
> the sender? But this is hard to do.

Have a read of this:

http://www.la-samhna.de/library/brutessh.html

Jonathan.

ps. You did erase and reinstall your system after it was compromised, right?