Date: Fri, 1 Dec 2000 18:10:55 -0500
From: Peter Chiu <pccb@yahoo.com>
To: Garrett Gregory Cntr AMC/LGXI <GREGORY.GARRETT@SCOTT.AF.MIL>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re[2]: Move along, nothing to see here. Re: Important!! Vulnerability in standard ftpd
Message-ID: <32502992254.20001201181055@ipfw.org>
In-Reply-To: <21A918476AFBD311B0C80000D1ECF0FF01A865FC@vejxoisnte85.scott.af.mil>
References: <21A918476AFBD311B0C80000D1ECF0FF01A865FC@vejxoisnte85.scott.af.mil>

Hello Garrett,

Friday, December 01, 2000, 10:44:42 AM, you wrote:

GGCAL> Speaking from experience in a related case:
GGCAL> I have had my website system hacked twice in the last year - BOTH times it
GGCAL> happened because the hacker got into ANOTHER system where an individual with
GGCAL> a trusted account had his userid and password stored on that server in a
GGCAL> plain text file - they pogoed from that system with that userid and got
GGCAL> in...
GGCAL> The results from the investigation? There was nothing else I could do to my
GGCAL> system to make it more secure - in fact I got kudos for it being as secure
GGCAL> as it was. But as long as people keep info insecurely there's nothing you can
GGCAL> do but keep watch and hope to catch them (and of course have good backup
GGCAL> sets!).

Implement ssh2 RSA login only (disable password login everywhere).
Also make sure your users use a non-blank passphrase.
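Added example, not part of the original message: one way to check both recommendations above, that an sshd_config leaves only public-key login enabled and that a stored private key is passphrase-protected. The server cannot see whether a client key is encrypted, so the second check has to run where the key files live. Assumptions: the function names are hypothetical, the defaults are upstream OpenSSH's, only the global section is read (`Match` blocks and `Include` files are not followed), and the sample config and key blob are constructed.

```python
import base64
import struct

# keyword -> (upstream OpenSSH default, value wanted for key-only login).
# Assumption: a vendor build may ship different defaults.
POLICY = {"passwordauthentication": ("yes", "no"),
          "kbdinteractiveauthentication": ("yes", "no"),
          "pubkeyauthentication": ("yes", "yes")}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
MAGIC = b"openssh-key-v1\0"

def audit_sshd_config(text):
    """Return the effective global settings that differ from key-only login."""
    seen = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ").split()
        if not parts:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":  # per-user/host overrides are not audited here
            break
        if key in POLICY and len(parts) > 1:
            seen.setdefault(key, parts[1].lower())  # sshd keeps the first value
    effective = {k: seen.get(k, default) for k, (default, _) in POLICY.items()}
    return {k: v for k, v in effective.items() if v != POLICY[k][1]}

def key_has_passphrase(key_text):
    """True if a private key file is encrypted, False if stored in the clear."""
    lines = [l.strip() for l in key_text.strip().splitlines()]
    if "OPENSSH PRIVATE KEY" in lines[0]:
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("not an openssh-key-v1 blob")
        (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        return blob[len(MAGIC) + 4:len(MAGIC) + 4 + n] != b"none"
    # Legacy PEM marks encryption in a header, PKCS#8 in the BEGIN label.
    return "ENCRYPTED" in lines[0] or "Proc-Type: 4,ENCRYPTED" in lines

def sample_key(cipher):
    """Constructed header-only blob for the demo, not a usable key."""
    body = MAGIC + struct.pack(">I", len(cipher)) + cipher
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
            + base64.b64encode(body).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed sample: password login is off, but the keyboard-interactive path is on.
SAMPLE_CONFIG = "PasswordAuthentication no\nChallengeResponseAuthentication yes\n"

if __name__ == "__main__":
    print(audit_sshd_config(SAMPLE_CONFIG))
    print(key_has_passphrase(sample_key(b"none")))
```

An empty result from `audit_sshd_config` means no password-based path remains in the global section; a `False` from `key_has_passphrase` marks a key that anyone who can read the file can use.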