[Labs-l] 2-factor shell auth (was:second attempt to request alternative login server)
Petr Bena
benapetr at gmail.com
Wed Mar 6 19:19:23 UTC 2013
Really? When it happened and why there was no announcement? I am using
labs almost since they exist and it was impossible to send e-mails
from beginning... How they managed to do that?
On Wed, Mar 6, 2013 at 8:17 PM, Leslie Carr <lcarr at wikimedia.org> wrote:
> On Wed, Mar 6, 2013 at 11:12 AM, Petr Bena <benapetr at gmail.com> wrote:
>> Do you know that we are talking about labs and not production? I don't
>> want to look like some insecure-stuff loving guy - but why in the
>> world someone wanted to brute force into labs? If I was hacker and I
>> wanted to get into labs - I would just request an account and I would
>> get it...
>>
>
> We have already had an incident in labs where hackers gained access to
> instances and were using it for scam mail. Even if it's not a
> targeted attack, people will try to brute force any public ip to gain
> access for spamming or other nefarious purposes.
>
>> Do we need some high tech security here?
>>
>> On Wed, Mar 6, 2013 at 7:45 PM, Leslie Carr <lcarr at wikimedia.org> wrote:
>>> On Wed, Mar 6, 2013 at 10:19 AM, Matthew Walker <mwalker at wikimedia.org> wrote:
>>>>> [removed garbage about password auth being wonderful...]
>>>>
>>>> I don't feel passwords are any more or less secure than keys. In some cases
>>>> keys can be even less secure if you're doing agent forwarding.
>>>
>>> Yes passwords are less secure than keys - egads. The amount of
>>> entropy in a key makes it impossible to brute force in this day and
>>> age (https://www.youtube.com/watch?v=BA6kG-tOkBs) versus passwords
>>> which have much less entropy. You should still password protect your
>>> key in case your laptop/key storage is accessed.
>>>
>>> --
>>> Leslie Carr
>>> Wikimedia Foundation
>>> AS 14907, 43821
>>> http://as14907.peeringdb.com/
>>>
>>> _______________________________________________
>>> Labs-l mailing list
>>> Labs-l at lists.wikimedia.org
>>> https://lists.wikimedia.org/mailman/listinfo/labs-l
>>
>> _______________________________________________
>> Labs-l mailing list
>> Labs-l at lists.wikimedia.org
>> https://lists.wikimedia.org/mailman/listinfo/labs-l
>
>
>
> --
> Leslie Carr
> Wikimedia Foundation
> AS 14907, 43821
> http://as14907.peeringdb.com/
>
> _______________________________________________
> Labs-l mailing list
> Labs-l at lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/labs-l
More information about the Labs-l
mailing list