Slashdot Mirror


Debian Locks Out Developers

daria42 wrote in with an update to an earlier story about a Debian server that was compromised. He explains: "The Debian GNU/Linux project has discovered a compromised developer account was used to gain access to a server compromised this week. A local kernel vulnerability was then used to gain root access. Due to this, a number of developers with weak passwords have been locked out of their system accounts." To be fair, they'll most likely be let in once everything's back to normal. Of course, they'll probably need to set safer passwords too.

15 of 331 comments

  1. libpam-cracklib by dduardo · · Score: 4, Funny

    Time to enforce a 200 character minimum for passwords.

    1. Re:libpam-cracklib by StarkRG · · Score: 2, Funny

      And while you're at it, no repeated characters either. Time to break out the Chinese input program!

  2. If only they'd... by a_greer2005 · · Score: 4, Funny
    been running with the stability and security of Windows Server, they wouldn't have had this happen. They would have kept their service up and agile for the furtherance of the enterprising endeavors of hacking...er...uhhh...computer science research.

    Bill G.

  3. B...b...b... by htnprm · · Score: 5, Funny

    ...but it's Linux!

  4. Fresh Change by 1trickymicky · · Score: 2, Funny

    For once it's not a compromised Windows-based system we're waiting for a bug fix on...

  5. *gasp*! by grasshoppa · · Score: 4, Funny

    Goodness, no! This might push them behind schedule!

    --
    Mod me down with all of your hatred and your journey towards the dark side will be complete!
  6. Re:WTF?!!! by linvir · · Score: 5, Funny
    Old password:
    > ******
    New password:
    > *****
    Retype new password:
    > *****

    WARNING
    This is a really stupid password, the kind that would put this entire computer at risk.
    Are you sure you want to continue?
    [ Y / n ]
    > Y

    BASTARD
    Okay then, fuck you. Your account has been completely cleared out, to help you understand the importance of choosing a secure password.

    Now, let's try again, shall we?
    Old password:
    >
  7. Re:back to normal by Ohreally_factor · · Score: 4, Funny

    They're only locking out the developers who used the password "tux".

    --
    It's not offtopic, dumbass. It's orthogonal.
  8. Re:Ah. balance by finiteSet · · Score: 5, Funny
    That wonderful feeling of making the password hard to guess, but easy to recall.
    If you are like me, it seems like almost every day the bank or eBay is emailing about a new upgrade to the system, one that requires entering your old and new passwords, social security numbers, bank account numbers, and so on. Accordingly, I've developed some simple tips for coming up with making a hard-to-crack but easy-to-remember password:
    • Short but strong: you can make the password relatively short (e.g. one character) so that it is easy to remember, but random enough to be hacker-proof. Do you really think someone would guess 'q' or 'z' ?
    • Long but simple: if you are unsatisfied with the previous strategy, try this one on for size: the longer the better. So instead of 'a', you might want to use 'aaaaaaaaaaaa'. ('0000000' works, too.)
    • Mirror Mirror: use your username as your password and cut the memory load in half!
    • Long and strong: for the absolutely mission critical stuff, you may have to spice it up. Pair a common dictionary word, like 'dog', 'log' or 'hog' with a small digit ('1', '2', and so on), and you're golden.
    • Final Notes: don't forget to recycle your old passwords and - please - keep a public list!
    --
    If we start buying CDs then the terrorists have already won.
  9. Re:Ah. balance by Millenniumman · · Score: 5, Funny

    "and starting today, all passwords must contain letters, numbers, doodles, sign language and squirrel noises."

    --
    Stupidity is like nuclear power, it can be used for good or evil. And you don't want to get any on you.
  10. Re:Passwords by Lehk228 · · Score: 2, Funny

    dictionary attack with custom dictionaries (star wars, star trek, LoTR, DnD, Shadowrun, david weber, william gibson)

    that will result in a devastating number of password cracks.

    --
    Snowden and Manning are heroes.
  11. Re:Ah. balance by corychristison · · Score: 3, Funny

    I like nice, long, random passwords. 16+ characters. I have no problem remembering them, and I use dozens for lots of different things.

  12. Your new Debian password. by Savage-Rabbit · · Score: 5, Funny

    Dear Mr finiteSet,
    To punish you for using such a weak password to your Debian developer account we have changed your password to the following:
    !_@m_@n_!ns3ns!t!v3_cl0d_wh0_us3s_w3@k_p@ssw0rds_but_!_pr0m!s3_n0t_t0_d0_!t_@g@!n_s0_l0ng_@s_!_l!v3

    Enjoy
    The Debian team

    --
    Only to idiots, are orders laws.
    -- Henning von Tresckow
  13. Chip and Pin by giafly · · Score: 4, Funny
    I use my credit card Chip and Pin number as my password. If you do the same, you'll be completely secure, because it's the one thing that cannot be forged. Don't just take my word for it, check out these quality endorsements:
    --
    Reduce, reuse, cycle
  14. Re:howto: strong passwords by kchrist · · Score: 2, Funny
    I have seen six dups on Slashdot this week.

    That's far too easy to guess.