Open Source and information security mailing list archives
Message-ID: <20050127161814.GA1650@localghost.muenther.de>
From: jan.muenther at nruns.com (Jan Muenther)
Subject: [lists] Terminal Server vulnerabilities

> There are ways to find out the usernames that are admin they begin with 500_
> ( do a Google search if you want )
>
> Any script kiddy worth his salt will tell u this... So this one is off
> because renaming admin account will only be security thru obscurity which is
> not good for the internet...

It's also only possible when you've got NetBIOS/CIFS open to the Internet,
which is something even worse on the Internet.

Even though the SID/RID of the administrator can be determined remotely under
these conditions, I'd still recommend the renaming of the account as a
standard hardening procedure.

And fwiw, the fact that a security safeguard can be overcome is not a reason
to completely disregard it. With this argumentation, you could sell your
firewalls.

Cheers, j.