Date: Fri, 18 Nov 2011 12:24:36 +0100
From: Mario Vilas <mvilas@...il.com>
To: Olivier <feuille@...ibox.fr>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Ubuntu 11.10 now unsecure by default

Let's not overreact. We're talking about a guest account only on desktop
systems, for local login only, and perfectly visible to the user. The only
problem I see here is not having a simple GUI way to disable the guest
login for a non tech-savvy user, but no more. (Or am I missing something
here?)

On Thu, Nov 17, 2011 at 9:52 PM, Olivier <feuille@...ibox.fr> wrote:

> On 11/17/2011 08:34 PM, Ryan Dewhurst wrote:
> > Are there any other services this may affect?
>
> The question could also be how many features like this are (will be?)
> silently enabled by default on new Ubuntu systems.
>
> "Perfect for business use, Ubuntu is safe, intuitive and stable" --
> http://www.ubuntu.com/business
>
> Ubuntu is clearly no more recommended for business use. End users will
> have to become security experts to avoid teenager's attacks ... shameful
>
>
> > On Thu, Nov 17, 2011 at 7:18 PM, Andrew N Dowden
> > <andrew_dowden@...tdesign.net.nz
> > <mailto:andrew_dowden@...tdesign.net.nz>> wrote:
> >
> >     On 18/11/11 23:46, Larry W. Cashdollar wrote:
> >>     Anyone know what the default is for Ubuntu 11
> >>
> >>     PermitEmptyPasswords no
> >>     PasswordAuthentication no
> >>
> >>
> >>     in /etc/ssh/sshd_config?
> >     for Ubuntu 11.10 (Oneiric)
> >
> >     snip: ( from */etc/ssh/sshd_config* )
> >     --
> >     # To enable empty passwords, change to yes (NOT RECOMMENDED)
> >     PermitEmptyPasswords no
> >     --
> >     # Change to no to disable tunnelled clear text passwords
> >     #PasswordAuthentication yes
> >     --
>
> --
> Olivier
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
“There's a reason we separate military and the police: one fights the enemy
of the state, the other serves and protects the people. When the military
becomes both, then the enemies of the state tend to become the people.”
