On Sun, Dec 22, 2013 at 2:06 AM, Greg Woods wo...@ucar.edu wrote:
On Sat, 2013-12-21 at 10:22 +, Patrick O'Callaghan wrote:
Keepass and friends are worthy alternatives, but AFAIK they aren't
usable from phones.
I use Keepassdroid on an Android phone and it works just fine. It's a
bit
On Sun, Dec 22, 2013 at 2:12 AM, bruce badoug...@gmail.com wrote:
since this has been hijacked to be a thread regarding passwds..
why don't you relabel the topic...
Maybe, if it goes on much longer. However I would hardly call this
hijacking. It has drifted a little from the original topic,
On Fri, Dec 20, 2013 at 9:34 PM, Rick Stevens ri...@alldigital.com wrote:
Seconded. I use keepassx as well. My database is on a VFAT partition on
a 1G USB Flash drive I carry with me with a second copy on my Droid
phone...just in case I need it.
Keepass and friends are worthy alternatives,
On Sat, 2013-12-21 at 10:22 +, Patrick O'Callaghan wrote:
Keepass and friends are worthy alternatives, but AFAIK they aren't
usable from phones.
I use Keepassdroid on an Android phone and it works just fine. It's a
bit clunkier than on a desktop, but then, isn't everything? I manually
ok guys..
since this has been hijacked to be a thread regarding passwds..
why don't you relabel the topic...
On Sat, Dec 21, 2013 at 9:06 PM, Greg Woods wo...@ucar.edu wrote:
On Sat, 2013-12-21 at 10:22 +, Patrick O'Callaghan wrote:
Keepass and friends are worthy alternatives, but
Allegedly, on or about 19 December 2013, Greg Woods sent:
it is very risky to use the same password at multiple locations, even
if it is an easy-to-remember but hard-to-guess password.
It definitely is, and I've seen the results, even on the more benign
side of things.
e.g. A fool uses some
Have you seen this one. Only for RHEL5 so a bit out of date but much
of it will still apply.
http://www.nsa.gov/ia/_files/os/redhat/NSA_RHEL_5_GUIDE_v4.2.pdf
On Thu, Dec 19, 2013 at 3:05 AM, bruce badoug...@gmail.com wrote:
Hey guys. - subject says it all!!
For a basic centos/fedora install.
On Fri, Dec 20, 2013 at 8:05 AM, Tim ignored_mail...@yahoo.com.au wrote:
e.g. A fool uses some webservice that asks you to log in with your
hotmail username and password, so they do, despite the fact that this
webservice is not hotmail.
Not quite what you're saying but tangentially related:
On 12/20/2013 09:24 PM, Patrick O'Callaghan wrote:
On Fri, Dec 20, 2013 at 8:05 AM, Tim ignored_mail...@yahoo.com.au wrote:
e.g. A fool uses some webservice that asks you to log in with your
hotmail username and password, so they do, despite the
On Fri, Dec 20, 2013 at 10:40 AM, Roger are...@bigpond.com wrote:
On 12/20/2013 09:24 PM, Patrick O'Callaghan wrote:
On Fri, Dec 20, 2013 at 8:05 AM, Tim ignored_mail...@yahoo.com.au wrote:
e.g. A fool uses some webservice that asks you to log in with your
hotmail username and password,
On Fri, 2013-12-20 at 18:35 +1030, Tim wrote:
Allegedly, on or about 19 December 2013, Greg Woods sent:
it is very risky to use the same password at multiple locations, even
if it is an easy-to-remember but hard-to-guess password.
It definitely is, and I've seen the results, even on the
Allegedly, on or about 20 December 2013, Greg Woods sent:
The eventual point of this is that there is really no such thing as a
hard-to-guess and easy-to-remember password. It's one thing to have a
password like purplepolkadotsonmydog, but another to remember
whether that password was for
On Fri, Dec 20, 2013 at 5:06 PM, Tim ignored_mail...@yahoo.com.au wrote:
It gets worse if you use multiple computers. It's a nightmare trying to
do something that's accessible on all, and secure. Whether that be
letting applications remember passwords, and I'm severely pissed with
browsers
2013/12/20 Patrick O'Callaghan pocallag...@gmail.com
On Fri, Dec 20, 2013 at 5:06 PM, Tim ignored_mail...@yahoo.com.au wrote:
It gets worse if you use multiple computers. It's a nightmare trying to
do something that's accessible on all, and secure. Whether that be
letting applications
On 12/20/2013 01:27 PM, Dennis Kaptain issued this missive:
2013/12/20 Patrick O'Callaghan pocallag...@gmail.com
On Fri, Dec 20, 2013 at 5:06 PM, Tim ignored_mail...@yahoo.com.au wrote:
It gets worse if you use
Allegedly, on or about 18 December 2013, Rick Stevens sent:
3. Make sure you enforce complex passwords and require them to be
rotated at least every 90 days.
I take issue with the continually changing passwords idea.
If you get hacked, changing the password after the event is too late.
And if
On 12/19/2013 12:16 PM, Tim wrote:
You really need something that detects attempts to crack passwords,
responds appropriately to thwart the attacks while they happen,
and immediately notifies you that an attempt is happening as it
happens (e.g.
If you have not installed it, install denyhosts...it watches for ssh
password attacks and locks out hosts automatically.
It does limit the number of attempts someone gets before being
completely locked out.
On Thu, Dec 19, 2013 at 11:22 AM, Mark Haney mha...@practichem.com wrote:
-BEGIN
On 12/19/2013 12:44 PM, Roger Heflin wrote:
If you have not installed it, install denyhosts...it watches for
ssh password attacks and locks out hosts automatically.
Yes, denyhosts is also a good package and one I've forgotten about.
Thanks for
On 12/18/2013 11:05 AM, bruce wrote:
Hey guys. - subject says it all!!
For a basic centos/fedora install. Need to have
pointers/docs/suggestions/solid steps to actually harden/secure a
system.
I've looked at a bunch of different articles/sites, so I'm also turning here.
Also, are there
On Thu, Dec 19, 2013 at 5:16 PM, Tim ignored_mail...@yahoo.com.au wrote:
If you get hacked, changing the password after the event is too late.
And if they installed a backdoor, changing your password will be
completely pointless.
If you haven't been hacked, you're just making life harder for
guys..
The project that the corrupt system is going to be driving will create
a distributed network of systems, where the edge systems, are tied
back into the central server(s). Think of the BOINC/SETI project,
where you have a bunch of edge systems doing work and communicating
back to the master
On Friday 20 of December 2013 03:46:13 Tim wrote:
Allegedly, on or about 18 December 2013, Rick Stevens sent:
3. Make sure you enforce complex passwords and require them to be
rotated at least every 90 days.
I take issue with the continually changing passwords idea.
using rotated
On Fri, 2013-12-20 at 03:46 +1030, Tim wrote:
Allegedly, on or about 18 December 2013, Rick Stevens sent:
3. Make sure you enforce complex passwords and require them to be
rotated at least every 90 days.
I take issue with the continually changing passwords idea.
I agree with you on this
Hey guys. - subject says it all!!
For a basic centos/fedora install. Need to have
pointers/docs/suggestions/solid steps to actually harden/secure a
system.
I've looked at a bunch of different articles/sites, so I'm also turning here.
Also, are there any good (i know) security lists/resources
As it is not common to be hacked on linux, and linux is really strong after
install, perhaps you could specify a little under what conditions you were
hacked. Was it a physical intrusion? communicational? software? a web page? an
open service or port? an injection? stolen passwd? Normally, hacking
On 12/18/2013 09:05 AM, bruce issued this missive:
Hey guys. - subject says it all!!
For a basic centos/fedora install. Need to have
pointers/docs/suggestions/solid steps to actually harden/secure a
system.
I've looked at a bunch of different articles/sites, so I'm also turning here.
Also,
Common rootkits that exploit weaknesses of old systems. I'd say it's
enough to keep updated systems. If you want some more hardening, close
opened ports, use a firewall or iptables, create a DMZ, use strong
passwords, disable unneeded services.
Re-included the list. There are people who read the
28 matches