I have an up-to-date CentOS 6 with a reasonable amount of ftp activity (a
dozen network cameras uploading images every second 24x7).
The first issue was that the whole /var filesystem was about to get full,
because of a huge ftp daemon log.
vsftpd.conf says:
# You may override where the log file
It's been an interesting if somewhat heated discussion. Figures the
fun ones come up when I'm away. ;)
The discussion of using Certs(PKI) vs Passwords to secure SSH seems to
be missing an important piece of the puzzle, and that to my mind is
attack vectors & target value.
The argument I saw agains
Drew wrote:
> In my case, the primary attack vector for hackers getting at my
> servers is via the web. Because I host primarily personal websites on
> my servers, the hacker's motivation for breaking into my server (aside
> from 'it's there') is to turn the machine into a bot-net or host some
> vi
On 12/30/2011 11:02 PM, Alex Milojkovic wrote:
> I think the best password policy is the one you've never told anyone and
> never posted on a public mailing list.
>
> How many of you out there know of cases where administrators' passwords were
> compromised by brute force?
> Can we take a count
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 30.12.2011 21:08, Karanbir Singh wrote:
> On 12/30/2011 03:34 PM, James B. Byrne wrote:
>> Does anyone have a source for an rpm of this package that
>> runs on CentOS-6_x86_64 or can recommend a replacement for
>> it?
>
> consider using fpm instea
On Sat, Dec 31, 2011 at 05:43:54AM -0800, Drew wrote:
> The argument I saw against PKI is that it's no more secure than
> regular passwords because your certificates are password protected
> anyways and stored on external media so they can be stolen and used to
> access the system.
Typical secur
> I'm in much the same situation,
> and would like to protect myself to a minimal extent.
> But I don't understand how a usb token (below) would help.
The 'token' in this case (a standard usb thumbdrive) is merely a
portable container for my ssh certificates and a copy of putty (when
I'm on a wind
Hello Johnny,
On Sat, 2011-12-31 at 08:13 -0600, Johnny Hughes wrote:
> Here are a couple of articles for you to read:
>
> http://www.gtri.gatech.edu/casestudy/Teraflop-Troubles-Power-Graphics-Processing-Units-GPUs-Password-Security-System
>
> http://www.pcpro.co.uk/blogs/2011/06/01/how-a-cheap-
On 12/31/2011 03:24 PM, Tilman Schmidt wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 30.12.2011 21:08, Karanbir Singh wrote:
>> On 12/30/2011 03:34 PM, James B. Byrne wrote:
>>> Does anyone have a source for an rpm of this package that
>>> runs on CentOS-6_x86_64 or can recommen
On 12/31/2011 03:13 PM, Johnny Hughes wrote:
> On 12/30/2011 11:02 PM, Alex Milojkovic wrote:
>> I think the best password policy is the one you've never told anyone and
>> never posted on a public mailing list.
>>
>> How many of you out there know of cases where administrators' passwords were
>>
Hello Johnny,
On Sat, 2011-12-31 at 08:13 -0600, Johnny Hughes wrote:
> http://www.gtri.gatech.edu/casestudy/Teraflop-Troubles-Power-Graphics-Processing-Units-GPUs-Password-Security-System
>
> http://www.pcpro.co.uk/blogs/2011/06/01/how-a-cheap-graphics-card-could-crack-your-password-in-under-a-s
On Sat, Dec 31, 2011 at 8:13 AM, Johnny Hughes wrote:
>>
>> Scenario of botnet with 1000 PCs making attempts to crack are password ain't
>> gonna happen.
>
> You don't need a botnet of 1000 PCs ... you only need a couple of
> graphics cards.
>
If you have a stolen passphrase-protected ssh privat
Thanks Johnny,
Yes if you have console access to the server and can plug in the GPU and/or
have access to the password file.
Ok let me rephrase myself.
How many people have had their passwords cracked on Internet servers by means
available to them?
In other words gained root access by way of a T
This is all I found so far.
http://www.ducea.com/2011/08/31/build-your-own-packages-easily-with-fpm/
There is also a link to the main site in there as well. Not a lot on it.
D
On Saturday, December 31, 2011, Ljubomir Ljubojevic wrote:
> On 12/31/2011 03:24 PM, Tilman Schmidt wrote:
>> -BEG
The good thing about PKI is that it takes longer to break.
The bad thing about PKI is many admins keep many private keys in the same
spot.
So you figure out one password, many doors are open.
--Alex
-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
On Sat, Dec 31, 2011 at 1:50 PM, Alex Milojkovic
wrote:
>
> Ok let me rephrase myself.
> How many people have had their passwords cracked on Internet servers by means
> available to them?
> In other words gained root access by way of a TCP service.
Someone cracked my gmail password and sent what
> IP address allocation needs to be done smarter so that geographical regions
> can be isolated easier. And at some point it probably will be.
There already is that capability to some extent. Between geoip and the
RIR's, one can get a pretty good handle on which /8 or /16 blocks need
to be blocke
>> IP address allocation needs to be done smarter so that geographical
>> regions can be isolated easier. And at some point it probably will
>> be.
>
> There already is that capability to some extent. Between geoip and
> the RIR's, one can get a pretty good handle on which /8 or /16 blocks
> need t
On Sat, 2011-12-31 at 15:17 -0700, Ken godee wrote:
> >> IP address allocation needs to be done smarter so that geographical
> >> regions can be isolated easier. And at some point it probably will
> >> be.
> >
> > There already is that capability to some extent. Between geoip and
> > the RIR's, one
On 12/31/11 2:17 PM, Ken godee wrote:
> We've been thinking of using the MaxMind GeoIP Country database with
> Apache mod_geoip API to limit certain countries visiting our websites.
>
> Has anyone used this or have any input on its usefulness?
the virus/worm folks will just move to open relays th
> On 12/31/11 2:17 PM, Ken godee wrote:
>> We've been thinking of using the MaxMind GeoIP Country database with
>> Apache mod_geoip API to limit certain countries visiting our websites.
>>
>> Has anyone used this or have any input on its usefulness?
>
> the virus/worm folks will just move to open
Les Mikesell wrote:
> Someone cracked my gmail password and sent what seemed like an oddly
> small amount of spam from it.
gmail and hotmail must be very easy to crack,
or is there some check apart from the password?
> That doesn't work for web services open to the public. You need
> firewalls
On Sun, Jan 1, 2012 at 11:45 AM, Timothy Murphy wrote:
> Les Mikesell wrote:
>
>> Someone cracked my gmail password and sent what seemed like an oddly
>> small amount of spam from it.
>
> gmail and hotmail must be very easy to crack,
> or is there some check apart from the password?
>
>> That does
Yes, but this is left to every server admin to do. Then if some don't do it
and get hacked it pretty much defeats the rest if their "home" based servers
are used as bots.
What I'm talking about is a national policy using perimeter routers and
better netblock allocation.
The reason netblocks should
On 12/31/11 5:06 PM, Alex Milojkovic wrote:
> I think some of these changes are coming.
careful what you wish for, it may come true...
...those changes ARE coming, but they are coming at the request of the
movie and music industries who are trying to legislate the ability to
demand domain name
Hi,
Running CentOS5 with SpamAssassin v3.3.1-2.el5 installed via yum
I remember getting this error a while ago, and it was fixed, but
now it's happening again:
Subroutine Net::DNS::Resolver::Base::AF_INET6 redefined at
/usr/lib/perl5/5.8.8/Exporter.pm line 65.
at
/usr/lib/perl5/vendor_perl/5.8.