lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 17 Nov 2011 16:28:41 +0000
From: Dave <mrx@...pergander.org.uk>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Ubuntu 11.10 now unsecure by default

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 16/11/2011 19:23, Olivier wrote:
> Hi list,
> 
> Backdoors in ubuntu are now called features :
> 
> https://answers.launchpad.net/ubuntu/+source/lightdm/+question/175756
> 
> Unfortunately remote SSH connection are not allowed, I suggest guest account to be silently add in /etc/shadow for 12.04. It could be the 
> best Ubuntu April fool ever.
> 
> Maybe calibre could also be installed by default, for a root shell out of the box.
> 


Hi,

What is the password for this guest account?
Is the password random generated?

Is remote access of any kind enabled by default for this guest account?

In what way is the guest account different from any of the half dozen or so other accounts(with the obvious exception of access rights)
created during a default Ubuntu install?

How insecure is it really?

I am not an Ubuntu expert so these are genuine questions, I am far to busy to research this at this time so I ask these questions in the hope
than an Ubuntu Guru comes forth and either allays all my/your/our fears(if they exist) or scares me/us into action.

regards
Dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEVAwUBTsU2ObIvn8UFHWSmAQIejggApAFANEVXN7ShqSPN8397EoYZaIOqF7W3
UxGdf1pKq6BxvFUmpmzQEy+ocwyBy/GqCupGFfqcTIRFYLg6uXlXRxNHoZB6eNqw
cpiOi1f2x08GAs7QIy+L7St/I6BUoUi7hx7WXMFJUVu/mp297IiJjLT7Tp489v3X
nv99DTWwkRx9DpYxf1MUruQKhR85aoWylDyPVUzwSRDiqMS4hQMDbQqBM0kzK89L
UmqVYgO+4zWuSKAqY5oBBy0fBPgOHGLvrpNxvfgAYAIMAGD6pAt/nQxAS0s8Rukc
rrJw3HRtXIPlq1tsWGZ2gdt8oaakk4sAvYXq8D2kH7aOeZflF2DrNg==
=vNit
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ