[SGVLUG] Login Question

Henry B Hotz hbhotz at oxy.edu
Wed Oct 30 11:32:20 PDT 2013


There isn't a single answer to that question. The attacker has some way to make attempts that doesn't involve the obvious login prompt.  Most commonly they've gotten access to the hashed passwords somehow (e.g. /etc/shadow), or else there is something, like a network exchange, which exposes material encrypted or hashed with the password. Then you try every password you can think of until you find the one that would generate the material you got.

The world of cybersecurity has gotten more serious. Google is handing out 10's of thousands of dollars each to multiple people who find ways to crack Chrome, and they typically leverage 15-20 different bugs for a single crack. The Mandiant report documents a single department in China with 3000+ employees devoted to hacking and stealing intellectual property. There are around 30 such organizations.

On Oct 29, 2013, at 9:21 PM, Rob Wilcox <e320r837i4031j316 at yahoo.com> wrote:

> How do brute-force attacks work 
> whereas legitimate users are locked out after 2 or 3 failures?
> 
> This is Robert and one of my non Linux friends asked me this question above.
> If and when Mr. Katz has free time could you answer this?
> If not then answer at our next SGVLUG in Nov.
> 
> Thanks!

Personal email.  hbhotz at oxy.edu






More information about the SGVLUG mailing list