| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1321644962.2014.1.camel@ubuntu.ubuntu-domain>
Date: Fri, 18 Nov 2011 12:36:02 -0700
From: Leon Kaiser <literalka@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Ubuntu 11.10 now unsecure by default
It's a good thing that Desktop Linux is dead/dying/never got off the
ground anyways, then!
--
========================================================
Leon Kaiser - Head of GNAA Public Relations -
literalka@...a.eu || literalka@...tse.fr
http://gnaa.eu || http://security.goatse.fr
7BEECD8D FCBED526 F7960173 459111CE F01F9923
"The mask of anonymity is not intensely constructive."
-- Andrew "weev" Auernheimer
========================================================
On Fri, 2011-11-18 at 12:24 +0100, Mario Vilas wrote:
> Let's not overreact. We're talking about a guest account only on
> dekstop systems, for local login only, and perfectly visible to the
> user. The only problem I see here is not having a simple GUI way to
> disable the guest login for a non tech-savvy user, but no more. (Or am
> I missing something here?)
>
>
> On Thu, Nov 17, 2011 at 9:52 PM, Olivier <feuille@...ibox.fr> wrote:
>
> On 11/17/2011 08:34 PM, Ryan Dewhurst wrote:
> > Are there any other services this may effect?
>
> The question could also be how many features like this are
> (will be?)
> silently enabled by default on new Ubuntu systems.
>
> "Perfect for business use, Ubuntu is safe, intuitive and
> stable" --
> http://www.ubuntu.com/business
>
> Ubuntu is clearly no more recommended for business use. End
> users will
> have to become security experts to avoid teenager's
> attacks ... shameful
>
>
> > On Thu, Nov 17, 2011 at 7:18 PM, Andrew N Dowden
> > <andrew_dowden@...tdesign.net.nz
> > <mailto:andrew_dowden@...tdesign.net.nz>> wrote:
> >
> > On 18/11/11 23:46, Larry W. Cashdollar wrote:
> >> Anyone know what the default is for Ubuntu 11
> >>
> >> PermitEmptyPasswords no
> >> PasswordAuthentication no
> >>
> >>
> >> in /etc/ssh/sshd_config?
> > for Ubuntu 11.10 (Oneiric)
> >
> > snip: ( from */etc/ssh/sshd_config* )
> > --
> > # To enable empty passwords, change to yes (NOT
> RECOMMENDED)
> > PermitEmptyPasswords no
> > --
> > # Change to no to disable tunnelled clear text passwords
> > #PasswordAuthentication yes
> > --
>
> --
> Olivier
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
>
>
>
>
> --
> “There's a reason we separate military and the police: one fights
> the enemy of the state, the other serves and protects the people. When
> the military becomes both, then the enemies of the state tend to
> become the people.”
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists