Tuesday, July 25. 2006
Rooted
Comments
"...the much-superior public-key alternative..."
Are you referring to the "identity" authentication method?
Not quite. The "identity" method is the SSH1 version. SSH2 calls it "pubkey" (if I have my jargon straight).
Along with my other paranoia, I have SSH1 turned off entirely, and have "RSAAuthentication no" in sshd_config. The only method I am allowing is "PubkeyAuthentication yes"
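A pubkey-only setup like the one described in the comment above can be checked mechanically. This is an added example, not the commenter's configuration or tooling: the sample files are constructed, the assumed defaults of "yes" and the treatment of `ChallengeResponseAuthentication` as another name for `KbdInteractiveAuthentication` should be confirmed against your own sshd_config(5), and `Match` blocks are not evaluated.

```python
# Settings that must hold for "public key only" logins. Keyboard-interactive
# is included because, with PAM, it can still prompt for a password.
REQUIRED = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "no",
    "kbdinteractiveauthentication": "no",
}
# Assumption: a keyword missing from the file defaults to "yes".
DEFAULTS = {key: "yes" for key in REQUIRED}
# Assumption: the older keyword controls the same behaviour.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(text):
    """Global keyword -> value. sshd uses the FIRST value it reads per keyword."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        key = parts[0].lower()            # keywords are case-insensitive
        if key == "match":                # conditional blocks: out of scope here
            break
        key = ALIASES.get(key, key)
        seen.setdefault(key, parts[1] if len(parts) > 1 else "")
    return seen

def pubkey_only_findings(text):
    """List every setting that leaves a non-pubkey login path open."""
    eff = effective_settings(text)
    return [f"{key} is '{eff.get(key, DEFAULTS[key])}', expected '{want}'"
            for key, want in REQUIRED.items()
            if eff.get(key, DEFAULTS[key]) != want]

# Constructed sample: looks locked down, but the first PasswordAuthentication
# line wins and keyboard-interactive is left at its default.
WEAK = """
RSAAuthentication no
PubkeyAuthentication yes
PasswordAuthentication yes
PasswordAuthentication no
"""
# Constructed sample: every password-style path is closed explicitly.
HARDENED = """
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, pubkey_only_findings(cfg) or "pubkey only")
```
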
Hey---comments that can reply to comments---awesome. (IMHO USENET is a much better format for back-and-forth discussions than typical blog comment sections.)
Anyhoo... I'm wondering in what sense this public key encryption method is any more secure than straight-up passwords. Isn't the private key stored somewhere on the host you're connecting from? (Sorry if I don't have that straight...getting late here...)
Private keys are locked with passphrases.
That's one layer more than passwords alone, and it immediately locks out the braindead brute-force attacks to which I think I fell prey the other week. Sure, you can still shoulder-surf the guy at the next cubicle, swoop down on his laptop when he's getting coffee and forgot to lock it and get his access. Then again, you can still social-engineer your way in, too. Both are harder than getting a single password and using it.

The snoozenet has its moments, but it's got the tragedy of the commons in spades. Most groups are unreadable without gigantic killfiles. On the bright side, the Google empire archives it, which alone is a big step up for it. High traffic lists set up their own newsgroups, so you can search a whole bunch of them without knowing who hosts them all. It's a nice trick.