Weak Passwords are a threat to Linux


jboy
http://news.yahoo.com/s/pcworld/20070207/tc_pcworld/128823

 

Study: Weak Passwords Really Do Help Hackers

 

Todd R. Weiss, Computerworld Wed Feb 7, 4:00 PM ET

 

Left online for 24 days to see how hackers would attack them, four Linux computers with weak passwords were hit by some 270,000 intrusion attempts -- about one attempt every 39 seconds, according to a study conducted by a researcher at the University of Maryland.

 

Among the key findings: Weak passwords really do make hackers' jobs much easier. The study also found that improved selection of usernames and associated passwords can make a big difference in whether attackers get into someone's computer.

 

Using software tools that help hackers guess usernames and passwords, the study logged the most common words hackers tried to use to log into the systems. Cukier and two graduate students found that most attacks were conducted by hackers using dictionary scripts, which run through lists of common usernames and passwords in attempts to break into a computer.

 

Some 825 of the attacks were ultimately successful and the hackers were able to log into the systems.

 

The study was conducted between Nov. 14 and Dec. 8 at the school.

 

[excerpted from the link above; more details in the original article]


This is from the "so-obvious-it's-painful" research department, apparently ;) - an interesting article, just the conclusion was a bit obvious.

LOL, true but the other point I have made before is for dictionary cracks it helps a lot if the username itself is not common if it's an internet facing account....

If for instance you have ssh open (because you use it) then unless they find a valid username the password doesn't help....

Indeed what I found having a weak username is once they find a valid username they get all excited and regardless of the length and complexity of your password they keep going from more and more machines... if you don't do anything eventually you are inconvenienced by a DOS just from the pure weight of attacks.

 

So anyway.... my procedure is only have one external facing account and make it a complex one and not used as a normal user. Then block all other users from outside your own net...

When the crackers can't find a username they move on in my experience but once they find one you're screwed anyway... even if you then remove that username they dumbly go on and on...
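The difference described in the post above, between guesses at usernames that do not exist and failures against a real account (and how many machines pile on once a real name is found), can be measured from sshd's own log. This is an added example, not part of the original thread; the log lines are constructed samples in OpenSSH's syslog format, and the function name `summarize` is hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (OpenSSH syslog format, documentation IP ranges).
SAMPLE_LOG = """\
Feb  7 16:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 40001 ssh2
Feb  7 16:00:03 host sshd[1202]: Failed password for invalid user test from 203.0.113.5 port 40002 ssh2
Feb  7 16:00:40 host sshd[1203]: Failed password for root from 203.0.113.5 port 40003 ssh2
Feb  7 16:01:19 host sshd[1204]: Failed password for root from 198.51.100.7 port 51000 ssh2
Feb  7 16:01:58 host sshd[1205]: Failed password for guest from 198.51.100.7 port 51001 ssh2
Feb  7 16:02:37 host sshd[1206]: Accepted password for guest from 198.51.100.7 port 51002 ssh2
Feb  7 16:03:00 host sshd[1207]: Accepted publickey for alice from 192.0.2.10 port 52000 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text):
    """Split SSH login failures into nonexistent-name guesses and hits on real accounts."""
    invalid_names = Counter()          # names tried that do not exist on the host
    valid_sources = defaultdict(set)   # existing account -> IPs that failed against it
    failed_from = defaultdict(set)     # IP -> accounts it has failed against
    guessed_logins = []                # password logins preceded by failures from the same IP
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        user, ip = m["user"], m["ip"]
        if m["result"] == "Failed":
            failed_from[ip].add(user)
            if m["invalid"]:
                invalid_names[user] += 1
            else:
                valid_sources[user].add(ip)
        elif m["method"] == "password" and user in failed_from[ip]:
            guessed_logins.append((user, ip))
    return {
        "invalid_names": dict(invalid_names),
        "valid_name_sources": {u: len(ips) for u, ips in valid_sources.items()},
        "guessed_logins": guessed_logins,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A real account that shows failures from a growing number of source addresses is the pattern the poster describes; a password login that follows failures from the same address is the one to investigate first.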


This reminds me of a news article I read some years ago about an 8-year, multimillion dollar study--taxpayer funded, of course--of the causes of cars getting hit by trains. The researchers concluded that cars get hit by trains for two reasons:

1. The driver didn't see the train, or

2. the driver saw the train but thought he could make it across the track in time.

 

Apparently some people need a study to tell them this stuff.

 

Up next: Sun to rise in East tomorrow.

 

[edit: fixed incoherent sentence]

Edited by javaguy

Yep it really sounds like something straight out of Dilbert....

I remember a while back BA made a big study about "air rage" ... somehow they didn't understand why people were still getting angry on flights after they cut back on alcohol?

Apparently several hundred thousand dollars later they found out that heavy smokers on long haul flights get a bit uppity?

I really wish I could get paid huge amounts for stating the bleeding obvious :D
