
Re: Have I been hacked?



On Wed 14 Jan 2015 at 18:52:06 +0900, Joel Rees wrote:

> 2015/01/13 5:17 "Brian" <ad44@cityscape.co.uk>:
> >
> > strikes me as a pretty good one for an ssh login. (I have capitalised
> > some letters for readability, not to add complexity). Personally, I find
> > it easy to remember and associate with ssh and my account. I cannot see
> > why it is not a good password for me.
> 
> Just remember that fail2ban only does temporary tarpitting, and only if the
> attacks are repeated too quickly.

How about

   http://whyscream.net/wiki/index.php/Fail2ban_monitoring_Fail2ban#Warning:_pick_the_right_jail

> > The automated probes wouldn't get close to cracking it.
> 
> Think of a bot farm continuously hitting a crowd of targets, once a second,
> cycling through spoofed IPs, using informed strategies instead of pure
> brute force. If they can spoof one IP, they can spoof another.

Does this increase the number of connections per second?

> > The danger might
> > be a directed attack - from friends, associates, colleagues etc. If they
> > knew about my fixation on Lewis Carroll they might have a go at breaking
> > in.
> 
> If they think you have something they want, people you don't know will find
> out about your interests. Blog posts, posts here, etc.

500,000.000 million on the internet at least. It's not my turn yet.

> > Actually, it would be ok as a password for banking access too. There
> > surely cannot be a banking site which does not take action after a
> > number of failed logins. Maybe not using fail2ban, but a similar
> > approach which protects both parties.
> 
> Means you end up going to the bank in person, to get the lock removed.

The telephone?

People would be heavily critical if a bank did not take steps to monitor
logins and act on unusual activity.

> Banks aren't perfect, though. You could come to considerable trouble
> should, for instance, a bank employee decide to do a little investigating
> passwords in her spare time, without permission.
> 
> But it's your bank account. Go for it.

I have no knowledge or control over what goes on in a bank. Why lose
sleep over worrying about it?

