Slashdot Mirror


Debian Locks Out Developers

daria42 wrote in with an update to an earlier story about a Debian server that was compromised. He explains: "The Debian GNU/Linux project has discovered a compromised developer account was used to gain access to a server compromised this week. A local kernel vulnerability was then used to gain root access. Due to this, a number of developers with weak passwords have been locked out of their system accounts." To be fair, they'll most likely be let in once everything's back to normal. Of course, they'll probably need to set safer passwords too.

5 of 331 comments

  1. Ah. balance by Kid+Zero · · Score: 5, Insightful

    That wonderful feeling of making the password hard to guess, but easy to recall.

  2. password requirements by PetriBORG · · Score: 5, Insightful

    Hopefully then they will also implement a good set of password rules and enforce them to protect themselves from future problems. Where I work they require 3 out of the 4 rules to be met such as mixed case, numbers and special characters... of course they also make us change our password every 30 days so I've discovered that people have taken to doing things like Asdf1234 and then, when the password requires changing, changing it to Asdf2345... Doh.

    --
    Pete/Petri "damn, my chainsaw is clogged with 1's and 0's again." --clyde
  3. ssh2 keys? by saleenS281 · · Score: 5, Insightful

    Why don't they just have the developers use ssh2 keys? I didn't know anyone actually used passwords on secure systems for authentication...

  4. Re:I wonder... by Anonymous Coward · · Score: 5, Insightful

    Did you fail to understand what a remote exploit is?

    Here, let's try an analogy. In this case someone left the door to the building unlocked. A burglar got in. He then methodically cracked the safe, and took the money from within.
    Following this, "MSFanBoi" posts to slashdot making a false equivalency between that and the Win building where the locks were defective and the money was taken from where it was sitting on the floor. (The Windows exploits being criticised are remote, the Linux exploit was local-only. In the latter, you have to actually break in before they are useful.)
    Do you still fail to see the difference?

  5. howto: strong passwords by dune73 · · Score: 5, Insightful

    If you are in need of a strong password, use the following recipe:

    Think of a sentence with 6-10 words with a number in it.
    - The number can be inside one of the words.
    - If you manage to have multiple Capital words in the sentence, your password gets stronger.

    Then take the first letter of each word and write the numbers as digits, include the point,
    question mark, exclamation point at the end and you've got a strong password.

    Today i ate two buns for breakfast! -> Tia2bfb!
    I have seen six dups on Slashdot this week. -> Ihs6doStw.
    Can you memorize all four new passwords? -> Cyma4np?
    And today: A new password for my debian account! -> At:1npfmda!

    Works fine for me and is fairly easy to memorize.
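
The rotation pattern PetriBORG describes in comment 2, as an added example that is not part of the original thread: a 3-of-4 character-class rule accepts both Asdf1234 and Asdf2345, so a change-time check has to compare the new password with the old one. The function names, the digit-collapsing heuristic and the distance threshold are assumptions, and the check assumes the current password is supplied when the change is made.

```python
def char_classes(pw):
    """Return which of the four character classes appear in pw."""
    found = set()
    for ch in pw:
        if ch.islower():
            found.add("lower")
        elif ch.isupper():
            found.add("upper")
        elif ch.isdigit():
            found.add("digit")
        else:
            found.add("special")
    return found

def meets_composition_rule(pw, required=3):
    """The '3 out of 4' rule from the comment: count classes, nothing else."""
    return len(char_classes(pw)) >= required

def skeleton(pw):
    """Fold case and collapse every digit run to '#' (assumed heuristic)."""
    out = []
    for ch in pw.lower():
        if ch.isdigit():
            if not out or out[-1] != "#":
                out.append("#")
        else:
            out.append(ch)
    return "".join(out)

def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_trivial_rotation(old, new, max_distance=2):
    """True when new is old with only digits/case changed, or a near copy."""
    return skeleton(old) == skeleton(new) or edit_distance(old, new) <= max_distance

if __name__ == "__main__":
    # Passwords quoted in the thread; pairing them as old/new is constructed.
    for old, new in [("Asdf1234", "Asdf2345"), ("Asdf1234", "Tia2bfb!")]:
        print(new, "passes 3-of-4:", meets_composition_rule(new),
              "| rotation of old:", is_trivial_rotation(old, new))
```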