How Can We Create Secure Passwords?
What makes a password secure? We have to keep the bad guys out while letting the legitimate user in. We need to protect authentication and prevent user identity masquerading or spoofing, so it must be impractical for the attacker to guess it. I didn’t say “impossible” because any string could be guessed eventually. But impractical, […]
Skimming, leaking and guessing — some followups to earlier posts
One thing that’s difficult when I teach course 468, System and Network Security Introduction, or anything else, for that matter, is to follow up on topics we’ve discussed in the past. The format of a blog, however, makes this quite easy. Here a few follow-ups from earlier posts. In Real Keylogging Threats I talked about point-of-sale […]
Is This A Real Dip In Password Guessing? And If So, What Does It Mean?
I’m quite certain that I’m seeing a trend. I just don’t know what the trend means. SSH password guessing attacks used to be almost constant. Any Internet-connected host running an SSH service would be probed frequently. But things have been changing over the past year. I collect data on about ten publicly reachable Linux machines […]