   REPLYADDR 68g.1499@etr6.net   
   On 1/29/24 5:00 AM, The Natural Philosopher wrote:   
   > On 29/01/2024 04:54, 68g.1499 wrote:   
   >> North Korea is not   
   >> going to spend five days worth of CPU time to crack your   
   >> little home Pi and its valuable hoard of "Rick and Morty"   
   >> vids. Your home connection is likely too slow to be very   
   >> useful for launching broadscale attacks on other systems   
   >> as well.   
   >   
   > Indeed. I've two servers on the open internet with open ssh ports. In 8   
   > years although there is a constant stream of login attempts no one has   
   > guessed the correct user name - let alone the password.   
      
    Similar experiences here too and more like 15 years. They always   
    seem to use a list of "common usernames" and another list of   
    "common passwords". The 'smartest' one used some names from   
    the company e-mail acct. In short, all script kiddies - bots -   
    no pro/State-level stuff. Sorry to burst many egos, but really   
    is YOUR server WORTH five CPU-seconds by N.Korea ???   
      
   > People get paranoid about stuff they think they know about and forget   
   > the simple things.   
      
    Well ... there's $$$ in being a doom-sayer. Articles and   
    'news' (and security-ware vendors) always hype it up.   
    I get several End-Of-The-World mails from Norton every   
    single week.   
      
    You have to THINK about YOUR place on the hack-worthy   
    totem pole and THEN act accordingly.   
      
    For SSH I never ever use the default port - and that seems   
    to deter 99.9% of the bots right off. Limit max tries/sessions/   
    connections and that'll get rid of 99.9% of the remaining.   
    Movie-style "hacking" is just not WORTH it for home/smallbiz   
    systems. They go for the BIG stuff - banks/M$/SolarWinds/etc.   
      
   > A long but easily memorable string like my.cat.hates.PIZZA! will   
   > probably fall to a dictionary attack in a few thousand hours, but   
   > really, who cares?   
      
    It's OK to use more-obscure dictionary words, just break   
    it up with a few numbers/characters. 10-12 chars total   
    is more than bots are interested in trying to figure out.   
    Anyway, this way YOU can remember it, THEY can't be bothered   
    trying to work it out.   
      
    The continuing most-dangerous thing out there is not "hacking"   
    but "human factors" - esp mail-based ransomware and to some   
    degree "click-ware". Humans never look for the ".ru" or   
    whether the mail "smells right" - they just click the big   
    shiny link. Those are SO EASY to mass-distribute that if   
    even 0.05% fall for it they've made their money.   
      
    My successor is really really good with GiantCorp package   
    offerings but I'm afraid he's kinda thin on the skills to   
    actually analyze/research a smelly e-mail. So long as   
    he can say it's M$'s fault the nasty thing got through ...   
      
   > Sorry, you are not that important, and neither am I.   
      
    "Paranoia" is actually a mutant form of EGOTISM ...   
    where some nobody comes to think THEY are SO   
    important that giant spectral orgs and States are   
    gonna spend millions and CPU-years and thousands   
    of man-hours just to mess around with them.   
      
    Then comes the tinfoil wallpaper and hats and lead-   
    lined underwear... and then proof of conspiracy when   
    the cell reception gets crappy ...   
      
   --- SoupGate-Win32 v1.05   
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)   
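
Added example, not part of the post above: a small tally of failed SSH logins, of the kind that shows the "common usernames" pattern and which sources exceed a tries limit. The log lines, host name, the account name pizzacat and the threshold of 3 are constructed assumptions; the addresses are documentation ranges.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the usual OpenSSH "Failed password" format.
SAMPLE_LOG = """\
Jan 29 03:11:02 pi sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Jan 29 03:11:05 pi sshd[811]: Failed password for invalid user oracle from 203.0.113.5 port 40130 ssh2
Jan 29 03:11:09 pi sshd[813]: Failed password for root from 203.0.113.5 port 40144 ssh2
Jan 29 03:11:12 pi sshd[815]: Failed password for invalid user test from 203.0.113.5 port 40151 ssh2
Jan 29 04:40:47 pi sshd[902]: Failed password for invalid user admin from 198.51.100.23 port 51877 ssh2
Jan 29 07:02:30 pi sshd[990]: Failed password for pizzacat from 192.0.2.44 port 60010 ssh2
Jan 29 07:02:41 pi sshd[990]: Accepted password for pizzacat from 192.0.2.44 port 60010 ssh2
"""

# Group 1 is present only when the attempted account does not exist.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) from (\S+) port \d+")


def summarize(log_text, max_tries=3):
    """Tally failed logins per source address and per username tried."""
    per_source = Counter()
    names = Counter()
    real_names_hit = defaultdict(set)  # existing account -> sources that tried it
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        invalid, user, src = m.groups()
        per_source[src] += 1
        names[user] += 1
        if not invalid:
            real_names_hit[user].add(src)
    over_limit = sorted(s for s, n in per_source.items() if n > max_tries)
    return {"over_limit": over_limit, "names": names,
            "real_names_hit": dict(real_names_hit)}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("sources over the limit:", report["over_limit"])
    print("most-tried names:", report["names"].most_common(3))
    print("existing accounts targeted:", sorted(report["real_names_hit"]))
```

Failures against names that exist on the host (the lines without "invalid user") are the ones worth a second look; the rest is the background list-guessing described in the post.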