@Daklon - eviltoast
  • 0 Posts
  • 7 Comments
Joined 1 year ago
cake
Cake day: June 3rd, 2023

help-circle

  • Tell me that you haven’t read it without telling me that you haven’t read it

    Owen has been put into the climate chamber by Jem Cheng, a research fellow at the Heat and Health Research Centre at the University of Sydney.

    It’s part of a world-first study all about finding out at what point heat becomes deadly. Fifteen years ago, scientists proposed an environmental threshold at which no person would be able to survive for six hours.

    But these conditions have never been tested on humans.

    Until now.

    “This study is all about human survivability,” Dr Cheng says.

    “So we are the first to actually put people in these environments to actually see, physiologically, what is happening to their core temperature or to their heart rate.

    What this new model shows is, when you take into account the limitations of human physiology, these upper wet-bulb temperature limits look as though they are much lower under certain types of conditions.”




  • If I’m bruteforcing a server and each time that I try an username/password my IP gets banned but suddenly one combination allows me to do 4-5 test ( any bigger number than previously) you are potentially telling me that this user is different (it exists) than the previous ones. Therefore you are doing the attack easier for me because now I know which users actually exist in the machine. It doesn’t matter if you are locking the attacker after the password was given.

    As others told you, using public key auth, non standard ports or even port knocking will be much more useful.


  • I think is better to not use an standard port and using fail2ban at the same time to avoid automated attacks. If you manage to implent what you are looking for, you are potentially telling an stacker which accounts exist and which not, allowing him to do an easier brute force attack. A typical attacker using a botnet will not be stopped by a single IP being baned, and as son as an IP is banned he will know that this account doesn’t exists. Another option is enabling port knocking.