Intrusion Update
Mike McGrath
mmcgrath at redhat.com
Mon Mar 30 14:52:11 UTC 2009
On Mon, 30 Mar 2009, Mike McGrath wrote:
> For those not on the announce list:
>
> https://www.redhat.com/archives/fedora-announce-list/2009-March/msg00010.html
>
Oh! I forgot something too, I've been waiting for this to go out so we
could discuss authentication mechanisms. Passwords + ssh keys just aren't
the most secure method of authentication. Our policy on private keys is
pretty clear now but there's always room for improvement.
So I'm not quite sure how to 'fix' this problem. By that I mean, even if
we knew this attack was going to happen I'm not totally sure of a feasible
solution, using only free software, that we could have used to fix it.
Obviously a physical rsa key or the like would have worked but I don't
think we have the manpower nor budget to implement such a system. So I
ask the list, any ideas?
-Mike
More information about the infrastructure
mailing list