Sunday, February 23, 2014

Eccouncil.org Hack

http://www.eccouncil.org/ has been hacked again. Awesome: this is the group that publishes the C|EH cert. Reasons not to get it.

From the site:
"Defaced again? Yep, good job reusing your passwords morons jack67834#"

Realistically, they should have followed the rules that they teach. I will use the STIGs as guidelines. The password they chose does not meet those simple guidelines.

http://www.stigviewer.com/check/V-11947 must require passwords contain a minimum of 14 characters.
http://www.stigviewer.com/check/V-11948 must require passwords to contain at least one uppercase alphabetic character.
http://www.stigviewer.com/check/V-11972 must require passwords to contain at least one numeric character.
http://www.stigviewer.com/check/V-11973 must require passwords to contain at least one special character.
http://www.stigviewer.com/check/V-11975 must require passwords to contain no more than three consecutive repeating characters.
http://www.stigviewer.com/check/V-11976 Passwords must be changed every 60 days.
http://www.stigviewer.com/check/V-11977 All non-interactive/automated processing account passwords must be changed at least once per year or be locked.

I have scripts that will set this all up automatically for Linux/UNIX. 
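
One way to check that a Linux host enforces the rules listed above, as an added example and not the scripts mentioned in this post: audit the PAM password line and login.defs against the listed thresholds. It assumes complexity is enforced by pam_cracklib and ageing by login.defs; the sample files and function names are constructed for illustration, and V-11977 (non-interactive accounts) is not covered.

```shell
#!/bin/sh
# Added example (not the post author's scripts): audit where the listed rules are enforced.
# Assumption: complexity is enforced by pam_cracklib, ageing by /etc/login.defs.

# Print option $2 (key=value) from the first pam_cracklib password line in file $1.
pam_opt() {
    grep -E '^[[:space:]]*password[[:space:]].*pam_cracklib\.so' "$1" | head -n 1 |
        tr ' \t' '\n\n' | sed -n "s/^$2=//p" | head -n 1
}

# Print the value of keyword $2 from a login.defs-style file $1.
defs_val() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# Print the space-separated check IDs that the two files fail (empty = all pass).
audit_password_policy() {
    pam_file=$1; defs_file=$2; findings=""
    minlen=$(pam_opt "$pam_file" minlen)
    [ "${minlen:-0}" -ge 14 ] || findings="$findings V-11947"
    # A negative credit means "require at least that many characters of the class".
    for pair in ucredit:V-11948 dcredit:V-11972 ocredit:V-11973; do
        val=$(pam_opt "$pam_file" "${pair%%:*}")
        [ "${val:-0}" -le -1 ] || findings="$findings ${pair##*:}"
    done
    # maxrepeat=0 or unset disables the repeated-character check.
    rep=$(pam_opt "$pam_file" maxrepeat)
    { [ "${rep:-0}" -ge 1 ] && [ "${rep:-0}" -le 3 ]; } || findings="$findings V-11975"
    days=$(defs_val "$defs_file" PASS_MAX_DAYS)
    { [ "${days:-99999}" -ge 1 ] && [ "${days:-99999}" -le 60 ]; } || findings="$findings V-11976"
    echo "${findings# }"
}

# Constructed sample files: a weak configuration and a corrected one, written to dir $1.
make_samples() {
    printf '%s\n' 'password requisite pam_cracklib.so retry=3 minlen=8 dcredit=-1 ocredit=-1' > "$1/weak.pam"
    printf '%s\n' '# ageing' 'PASS_MAX_DAYS 99999' > "$1/weak.defs"
    printf '%s\n' 'password requisite pam_cracklib.so retry=3 minlen=14 ucredit=-1 dcredit=-1 ocredit=-1 maxrepeat=3' > "$1/hard.pam"
    printf '%s\n' 'PASS_MAX_DAYS 60' > "$1/hard.defs"
}

demo() {
    d=$(mktemp -d) && make_samples "$d"
    echo "weak:     $(audit_password_policy "$d/weak.pam" "$d/weak.defs")"
    echo "hardened: $(audit_password_policy "$d/hard.pam" "$d/hard.defs")"
    rm -rf "$d"
}
demo
```

On a real host the two arguments would be the PAM password stack file and /etc/login.defs; which PAM file holds the pam_cracklib line varies by distribution.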
