| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 17 Nov 2011 21:52:14 +0100 From: Olivier <feuille@...ibox.fr> To: full-disclosure@...ts.grok.org.uk Subject: Re: Ubuntu 11.10 now unsecure by default On 11/17/2011 08:34 PM, Ryan Dewhurst wrote: > Are there any other services this may effect? The question could also be how many features like this are (will be?) silently enabled by default on new Ubuntu systems. "Perfect for business use, Ubuntu is safe, intuitive and stable" -- http://www.ubuntu.com/business Ubuntu is clearly no more recommended for business use. End users will have to become security experts to avoid teenager's attacks ... shameful > On Thu, Nov 17, 2011 at 7:18 PM, Andrew N Dowden > <andrew_dowden@...tdesign.net.nz > <mailto:andrew_dowden@...tdesign.net.nz>> wrote: > > On 18/11/11 23:46, Larry W. Cashdollar wrote: >> Anyone know what the default is for Ubuntu 11 >> >> PermitEmptyPasswords no >> PasswordAuthentication no >> >> >> in /etc/ssh/sshd_config? > for Ubuntu 11.10 (Oneiric) > > snip: ( from */etc/ssh/sshd_config* ) > -- > # To enable empty passwords, change to yes (NOT RECOMMENDED) > PermitEmptyPasswords no > -- > # Change to no to disable tunnelled clear text passwords > #PasswordAuthentication yes > -- -- Olivier _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists