On 03/10/2007, Karl Larsen <[email protected]> wrote: > I have sure heard a LOT about security updates and I have had my own > problems. For years I thought the only thing necessary was a good root > password. This year I found out with ssh around you need a good password > for your own login name. My problem was caused by having a super poor > login password which was my last name. Since the login name was karl it > followed. > > Fixed that problem with a real hard password for karl and root has a > changable hard password. In my olden working days we had safes for State > Secrets and they had what were called "one hour" locks and 30 minute > burn protection. We changed the combination every 6 months. Drove me bats! > > So the question is this: If I have passwords that are safe for an > hour, is not my computer safe from tampering? I guess the Internet could > send you a file that works to discover passwords and then emails them to > the sender? But this is hard to do. Have a read of this: http://www.la-samhna.de/library/brutessh.html Jonathan. ps. You did erase and reinstall your system after it was compromised, right?