(no subject)

To: debian-user@lists.debian.org
Subject: (no subject)
From: Brent Clark <bclark@eccotours.co.za>
Date: Fri, 14 Jul 2006 13:05:30 +0200
Message-id: <[🔎] 44B77A7A.2000800@eccotours.co.za>

Hey all

With the hack on Debian,s gluck machine and the writes up about it.
In the 5th paragraph of the following link:

http://www.zdnet.com.au/news/security/soa/Debian_locks_out_developers_after_server_hack/0,2000061744,39263432,00.htm

It reads
"An investigation of developer passwords revealed a number of weak passwords whose accounts have been locked in response," Schulze wrote.

My question is, how would they go about that? What tools or tests were needed to test whether an account has a strong or weak password.

The only thing I can think of is a foreach on the usernames and some type of brute force / dictionary attack. I suppose it would have been nice if they
mentioned the service / protocal that was compromised.

Just something I was thinking.

Kind Regards
Brent Clark

Reply to:

Follow-Ups:
- Re: (no subject)
  - From: Linas Žvirblis <0x0007@gmail.com>

Prev by Date: Re: Corrupt ISO downloads
Next by Date: Re: Removing USB memory
Previous by thread: Re: google earth error (opengl error)
Next by thread: Re: (no subject)
Index(es):
- Date
- Thread