hacked - looking for doc/suggestions on hardening/securing systems from the start

Tethys tethys at gmail.com
Thu Dec 19 18:10:48 UTC 2013


On Thu, Dec 19, 2013 at 5:16 PM, Tim <ignored_mailbox at yahoo.com.au> wrote:

> If you get hacked, changing the password after the event is too late.
> And if they installed a backdoor, changing your password will be
> completely pointless.
>
> If you haven't been hacked, you're just making life harder for yourself,
> trying to remember all these passwords.  Or making things less secure,
> because you have to write them down.

Correct. There was a paper published a while back (I wish I could find
a reference, but my google-fu is failing me right now) that showed
enforcing strong passwords and frequent changes reduced overall
security, among other reasons because users tended to write them down
rather than remember them.

Also, in this situation, changing passwords at all on the system is
madness. The only sane option is a complete reinstall (yes, using
different passwords). You don't know what the intruder has left on
your system. A fresh OS install and a scan of your data for hidden
nastiness is needed.

Tet

-- 
"Java is a DSL for taking large XML files and converting them to stack
traces" -- Bulat Shakirzyanov


More information about the users mailing list