The Optimum Attack Rate For SSH Bruteforce? Once Every Ten Seconds
badger.foo writes "Remember the glacially slow Hail Mary Cloud SSH bruteforcers? They're doing speedup tweaks and are preparing a comeback, some preliminary data reported by Peter Hansteen appear to indicate. The optimum rate of connections seems to be 1 per ten seconds, smack in the middle of the 'probably human' interval."
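An added example, not part of the story or the linked report: at one attempt every ten seconds, a per-source failure counter sees nothing if the attempts rotate across source addresses, while a host-wide sliding window still catches the run. The rotating sources, the log lines and the thresholds are constructed assumptions; the summary gives only the rate.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta

# OpenSSH failed-password line in syslog format (syslog omits the year, so one is assumed).
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def parse(lines, year=2024):
    """Yield (timestamp, user, source_ip) for each failed-password line."""
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def per_source_hits(events, max_failures=5):
    """Classic per-IP counter: sources with more than max_failures failures."""
    counts = Counter(ip for _, _, ip in events)
    return {ip for ip, n in counts.items() if n > max_failures}

def host_wide_alerts(events, window=timedelta(minutes=5), max_failures=20, min_sources=5):
    """Sliding window over every failure against this host, whatever the source.
    Thresholds are illustrative, not tuned values."""
    recent, alerts = deque(), []
    for ts, _user, ip in events:
        recent.append((ts, ip))
        while ts - recent[0][0] > window:
            recent.popleft()
        sources = {src for _, src in recent}
        if len(recent) > max_failures and len(sources) >= min_sources:
            alerts.append((ts, len(recent), len(sources)))
    return alerts

def sample_log():
    """Constructed input: one failure every 10 s for 10 min, rotating over 30 sources."""
    start = datetime(2024, 11, 17, 3, 0, 0)
    lines = []
    for i in range(60):
        ts = (start + timedelta(seconds=10 * i)).strftime("%b %d %H:%M:%S")
        ip = f"198.51.100.{i % 30 + 1}"  # documentation address range
        lines.append(f"{ts} host sshd[{4000 + i}]: Failed password for root from {ip} port 50000 ssh2")
    return lines

if __name__ == "__main__":
    events = list(parse(sample_log()))
    print("per-source hits:", per_source_hits(events))
    print("first host-wide alert:", host_wide_alerts(events)[0])
```

Each constructed source fails only twice, so the per-source counter stays silent; the host-wide window fires at the 21st failure, a little over three minutes in.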
WTF, Editors? (Score:0, Insightful)
WTF is a "Hail Mary Cloud"?
I clicked the link in the summary, which talks about something I'm supposed to "remember", but must have missed the first time it was discussed. That goes to another summary that also doesn't explain what it is, but also mentions that it's been discussed before. Then I click the link on that summary and I get a big long page of information.
Does anyone review submissions at all before they go live?
Re:Passwords are for philistines (Score:5, Insightful)
Once someone has your key, it's no more secure than your password.
Whether the token is something you know, something you are, or something you have, it *all* becomes useless once someone else has it. That's not really the issue here. The issue is brute-force attacks on SSH, and using a key makes them significantly more difficult than passwords.
Stealing someone's key/password is not a brute-force attack.
Re:Passwords are for philistines (Score:5, Insightful)
That's nice in theory and all, but it depends on what that "something you are" is. Essentially we're talking about biometrics, so what are we measuring? Is it a thumbprint scan? Those have been defeated in the past by taking a thumbprint and replicating it by some means. Is it a DNA scan? Then they might just need to get ahold of your DNA.
Really, the "something you are" is still "something you have", but you "have" it attached to your body. That doesn't necessarily mean it can't be stolen or replicated somehow. Similarly, the "something you know" can also be considered to be "something you have", but you "have" it in your mind. In some circumstances, it can still be figured out or retrieved, or you might be tricked into providing it.
Real security isn't quite as simple as you make it sound.