Hi
Got forwarded an interesting mail from a friend's security manager who is contesting that their machines are at risk from "password guessing", as in the GPU monster thing detailed in the article he is circulating:
http://securityledger.com/new-25-gpu...ds-in-seconds/
Been through the same pain where security disabled all local passwords in favour of SSH keys and RSA.
Could it be construed that perhaps there are vulnerabilities in the company infrastructure (firewalls and network)?
I ask because, as I see it, if you limit the network access by MAC address and monitor failed attempts, then surely the risk has to come from the inside?
And if the risk is on the inside then you have to commission 25 internal machines to password crack what can be found on the network that can be reached to make the article valid?
He also tells me that a number of their Linux servers have an uptime of 400+ days. Surely these "internet facing" Unix boxes are more of a risk than having local passwords disabled?
Thanks for any feedback.
Kevin