Re: Debian Server restored after Compromise

To: debian-project@lists.debian.org
Subject: Re: Debian Server restored after Compromise
From: Bas Zoetekouw <bas@debian.org>
Date: Thu, 13 Jul 2006 20:18:27 +0200
Message-id: <[🔎] 20060713181827.GA4595@localhost.localdomain>
Mail-followup-to: debian-project@lists.debian.org
In-reply-to: <20060713175452.GS1655@finlandia.home.infodrom.org>
References: <20060713175452.GS1655@finlandia.home.infodrom.org>

Hi Martin!

You wrote:

> Debian Server restored after Compromise

Kudos to debian-admin for sorting out the situation so quickly!

> An investigation of developer passwords revealed a number of weak
> passwords whose accounts have been locked in response.

That's not good.  
Should we maybe implement a stricter password policy?  Or maybe only
allow pubkey ssh authentication?

-- 
Kind regards,
+----------------------------------------------------------------------+
| Bas Zoetekouw              | Sweet day, so cool, so calm, so bright, |
|----------------------------| The bridall of the earth and skie:      |
| bas@zoetekouw.net          | The dew shall weep thy fall tonight;    |
+----------------------------|                    For thou must die.   |
                             +-----------------------------------------+

Reply to:

Follow-Ups:
- Re: Debian Server restored after Compromise
  - From: "Gustavo Franco" <gustavorfranco@gmail.com>
- Re: Debian Server restored after Compromise
  - From: Steve Kemp <skx@debian.org>
- Re: Debian Server restored after Compromise
  - From: Andreas Tille <tillea@rki.de>
- Re: Debian Server restored after Compromise
  - From: Filippo Giunchedi <filippo@debian.org>

Prev by Date: Re: Update on compromise of gluck.debian.org, lock down of other debian.org machines
Next by Date: Re: Debian Server restored after Compromise
Previous by thread: Re: Update on compromise of gluck.debian.org, lock down of other debian.org machines
Next by thread: Re: Debian Server restored after Compromise
Index(es):
- Date
- Thread