Slashdot Mirror

← Back to Stories (view on slashdot.org)

Debian Locks Out Developers

Posted by ryuzaki0 on from the in-the-name-of-safety dept.

daria42 wrote in with an update to an earlier story about a Debian server that was compromised. He explains: "The Debian GNU/Linux project has discovered a compromised developer account was used to gain access to a server compromised this week. A local kernel vulnerability was then used to gain root access. Due to this, a number of developers with weak passwords have been locked out of their system accounts." To be fair, they'll most likely be let in once everything's back to normal. Of course, they'll probably need to set safer passwords too.

5 of 331 comments (clear)

  1. B...b...b... by htnprm · · Score: 5, Funny

    ...but it's Linux!

  2. Re:WTF?!!! by linvir · · Score: 5, Funny
    Old password:
    > ******
    New password:
    > *****
    Retype new password:
    > *****

    WARNING
    This is a really stupid password, the kind that would put this entire computer at risk.
    Are you sure you want to continue?
    [ Y / n ]
    > Y

    BASTARD
    Okay then, fuck you. Your account has been completely cleared out, to help you understand the importance of choosing a secure password.

    Now, let's try again, shall we?
    Old password:
    >
  3. Re:Ah. balance by finiteSet · · Score: 5, Funny
    That wonderful feeling of making the password hard to guess, but easy to recall.
    If you are like me, it seems like almost everyday the bank or eBay is emailing about a new upgrade to the system, one that requires entering your old and new passwords, social security numbers, bank account numbers, and so on. Accordingly, I've developed some simple tips for coming up with making a hard-to-crack but easy-to-remember password:
    • Short but strong: you can make the password relatively short (e.g. one character) so that it is easy to remember, but random enough to be hacker-proof. Do you really think someone would guess 'q' or 'z' ?
    • Long but simple: if you are unsatisfied with the previous strategy, try this one on for size: the longer the better. So instead of 'a', you might want to use 'aaaaaaaaaaaa'. ('0000000' works, too.)
    • Mirror Mirror: use your username as your password and cut the memory load in half!
    • Long and strong: for the absolutely mission critical stuff, you may have to spice it up. Pair a common dictionary word, like 'dog', 'log' or 'hog' with a small digit ('1', '2', and so on), and you're golden.
    • Final Notes: don't forget to recycle your old passwords and - please - keep a public list!
    --
    If we start buying CDs then the terrorists have already won.
  4. Re:Ah. balance by Millenniumman · · Score: 5, Funny

    "and starting today, all passwords must contain letters, numbers, doodles, sign language and squirrel noises."

    --
    Stupidity is like nuclear power, it can be used for good or evil. And you don't want to get any on you.
  5. Your new Debian password. by Savage-Rabbit · · Score: 5, Funny

    Dear Mr finiteSet,
    To punish you for using such a weak password to your Debian developer account we have changed your password to the following:
    !_@m_@n_!ns3ns!t!v3_cl0d_wh0_us3s_w3@k_p@ssw0rds_b ut_!_pr0m!s3_n0t_t0_d0_!t_@g@!n_s0_l0ng_@s_!_l!v3

    Enjoy
    The Debian team

    --
    Only to idiots, are orders laws.
    -- Henning von Tresckow