
Re: Re (3): Multiplicity of accounts.



On 10/3/2013 11:47 AM, peasthope@shaw.ca wrote:
From:	Jerry Stuckle <jstuckle@attglobal.net>
Date:	Thu, 03 Oct 2013 09:27:28 -0400
... [local user compromise(?) is] not where the leaks occur.

If someone can review the greatest hazards or give a link to
a document, that would help many of us.

[Managing userids and passwords] not all that hard if you come up with a system.

Clever idea.  My system wasn't so simple and effective.

Thanks,                   ... Peter E.



I don't know of a single place where that information is available.

I've learned it from years (around 18) of programming on the internet, lots of newsletters and understanding how reported incidents occurred.

It used to be the biggest threat was things like key loggers being installed on users' computers by trojans, capturing passwords and sending them over the internet. But most people (at least the smart ones) are now running some type of anti-virus software which catches that entry. It is still a problem, but not as much as other ways. Plus, this being a Debian list, there are few Linux viruses and trojans out there. Plus, running as a non-root user limits what a trojan can do.

But people using the same userid/password on multiple sites is still a huge problem. That's why hacking relatively innocuous sites to get userid/password lists is so big; they really don't care about breaking into that site (which typically isn't as secure as your bank, or good eCommerce sites, for instance). What they want are the userids and passwords which are also used on more secure sites. That's why the recommendation is to use different passwords (even if you use the same userid) on different sites.

There are other ways also, but we're really getting off topic for this list.

Jerry

