| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 14 May 2009 12:39:29 -0700 From: Susan Bradley <sbradcpa@...bell.net> To: my.security.lists@...il.com Cc: MustLive <mustlive@...security.com.ua>, bugtraq@...urityfocus.com Subject: Re: Insufficient Authentication vulnerability in Asus notebook We're talking XP Home here, right? A admin account without a password cannot be access remotely over the internet, so if you have physical access at all times of that Asus netbook it's arguably more secure in some circumstances. nameless wrote: > Susan Bradley wrote: > >> 3. For XPs it's kinda handy to have a blank admin password when you >> sometimes come in on a network and need to get to that particular >> machine and you didn't set it up, otherwise you have to use the Admin >> password boot disk trick and reset the password to blank. >> > > You should only do the above recommendation, if you like to have your > boxes owned. > > You should not have any administrative accounts named "Administrator" > and _all_ administrative accounts should have a _STRONG_ password > associated with them. > > No exceptions. > > Password safes are available at no charge. If you somehow forget your > password, you can always reset it via AD or resetting the SAM. > > >
Powered by blists - more mailing lists