-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday, 2009-10-04 at 19:02 +0200, Per Jessen wrote:
All automated ssh attacks are looking for totally insanely simple passwords, like "password".
Not so totally insanely simple, not any more. I had a machine compromised about two years ago - the password for the account was a common English word, 7 characters with one vowel substituted by a '0'.
There is an utility in oS, I think it is called "john", with a database, that runs as cronjob and tries to crack users passwords. If it cracks one, it sends an email to root and the user. I removed it because it run for many hours at top cpu. The bad guys could be using something like that to generate the passwords. And we could use that utility also, for other reasons. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkrI/J8ACgkQtTMYHG2NR9Xo7wCdFOYdxsNvV4NP8usJ4hvfC7Xh nC4Anj2KZXdTRBvFDbL82C4h7GDB0OFK =l4j4 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org