[TriLUG] Re: Back Orifice for Linux
Andrew Perrin
andrew_perrin at unc.edu
Mon Mar 18 09:34:15 EST 2002
On Mon, 18 Mar 2002, Sinner from the Prairy wrote:
> On Monday 18 March 2002 07:27 am, you had nothing better to do and you went
> and sent me this mail:
> > [Andrew Perrin]
>
> > > Er, not to be a stickler, but if someone knows your root password aren't
> > > you kind of sunk to begin with? It would be trivial enough, as root,
> > > simply to edit Xaccess to give oneself access.
>
> > Arguably, they should be able to know your root password but still
> > not be able to do anything from a remote location over the network.
> > ssh's PermitRootLogin=no
> >
> > Calling this a "remote root exploit" would be a misnomer given the
> > password requirement, but it's still seemingly a tool that could
> > be an (admittedly slow) running crack on your machine :)
>
>
> Let me answer both of you at the same time:
>
> This "Exploit" relies on the bad password picking policy that many
> (some/most/a few) Linux users follow. Yes, having as a password your
> middle name followed by a one-digit number makes it very easy to be identified by
> those bad guys / black hackers / script kiddies.
>
> And many users do not change their root password often enough (or never).
>
> And, of course, no one wants some unknown guy in North Korea to "remotely
> administer" our box and set up open relay on sendmail. Am I right?
Well yes, of course you're right, but it's still hard to call it a remote
root exploit - sort of like leaving your back door open and calling it
breaking and entering when the burglar contemplates going around to the
back to get in.
ap
----------------------------------------------------------------------
Andrew J Perrin - andrew_perrin at unc.edu - http://www.unc.edu/~aperrin
Assistant Professor of Sociology, U of North Carolina, Chapel Hill
269 Hamilton Hall, CB#3210, Chapel Hill, NC 27599-3210 USA