On Wed, February 4, 2015 17:16, Lamar Owen wrote:
> Now, I have seen this happen, on a system in the wild, where the very
> first thing the attacker did was grab a copy of /etc/shadow, even with
> an interactive reverse shell and root access being had. So even when
> you recover your system from the compromise you have the risk of all
> those passwords being known, and unfortunately people have a habit of
> using the same password on more than one system.
>
> Further, lists of usernames and passwords have market value.
>
And the arbitrary change made to Anaconda deals with this difficulty
how, exactly?

Look, I am neither for nor against setting arbitrary standards for
user-passwords. In fact, this is what I do to generate system
passwords:

  cat /proc/sys/kernel/random/entropy_avail
  3459

  openssl enc -base64 <<< $(head -c 32 /dev/random) | \
  sed 's/\(....\)/\1:/g; s/.$//'
  BuRd:f8qU:yY8M:pbtO:uDlw:D53k:whW+:eJtC:z8Tc:4zlo:hiIK

and discard the ':' which I provide simply to make it easier for me to
read and type the damn things (once).

My belief is that trust in such passwords is totally misplaced.
However, if such things make you feel comfortable (like avoiding
crossing paths with a black cat or walking under ladders) then that is
your affair and who am I to disagree with your choice.

The change to Anaconda is not an issue because of what it is but for
how it was done; arbitrarily, without community input, and without
consideration of other points of view. That arrogant act was then
excused under the rubric of 'increased security'. It is that part which
irritates me.

My indulgence in raising this issue at all is to highlight the
inappropriate responses that the human desire to do 'something',
'anything', no matter how pointless, so often trump considered
reflective contemplation of the problems and what options are
available to deal with them.

I am tired of reading of so much wasteful nonsense being excused under
the general heading of 'security'. And so I call people out on it
now. Prove to me that any increase of cost imposed on me by your
decision actually improves my security to a degree that the benefit is
measurably greater than the cost. And DO NOT discount my time as
having no value.

If you cannot prove that then just b*gger *ff. I may have to put up
with that crap for want of any viable alternative, but I am not going
to nod sagely and pretend that I agree just because currently that is
the socially acceptable way of receiving such professions of belief.

It is BS. It has always been BS. And it will always be BS.

There are no secure methods of public communication. One can only
attempt to increase the expense of surveillance to the point where the
value of the information received is less than the cost of getting it.
If someone values it highly enough then no amount of expense is going
to dissuade them and they will have it, eventually. If the cost of
surveillance is cheap enough then everything will be surveyed and
everyone will have access to your information.

But surely, it is the choice of the parties owning the information to
decide how much value it has and exactly how much expense is justified
in protecting it?

Access to computer systems has to be considered from the point of view of
eventual compromise. It is not if, it is when, you are compromised. The
critical considerations are: how will you detect it; how much
penetration will result from each potential point of entry before it
is detected; and how much effort will it take to recover?

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3