cross-platform virus
John
dingo at coco2.arach.net.au
Mon Apr 10 02:33:08 BST 2006
Alan McKinnon wrote:
> On Sunday 09 April 2006 09:44, Cybe R. Wizard wrote:
>
>>On Sun, 09 Apr 2006 12:17:13 +1000
>>
>>Sasha Tsykin <stsykin at gmail.com> wrote:
>>
>>>I don't see why we should use sudo. It seems much more secure to
>>>just create an admin or root account, like almost every other
>>>Linux distribution in existence.
>>
>>Want to crack a box? Everyone has a root account, you only need to
>>crack the password. Want to crack an Ubuntu box? First, guess the
>>username, /then/ you can move to cracking the password. An extra
>>security step is involved wherein one doesn't even have something
>>(root) to start with. It would take a hell of a dictionary
>>attack to get a strange username and password.
>
>
> Want an even better system? Don't use sudo, use su, and disable all
> root logins. Then you need to crack one username and *two* passwords.
>
> Then configure pam to require a really really strong root password
> following the usual rules for that kind of thing.
>
I suppose you want combinations of uppercase, lowercase, numerals and
special characters that people can't recall so they write them down?
Just stop dictionary accounts, it's way easier. Let people have
passwords they can remember, they don't have to be actual words. I
imagine Alan could easily recall almaperth?
How long would it take for an attack to succeed, if the rate was limited
to three failures per hour?
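
The closing question can be worked through numerically. The following is an added example, not part of the original message; the keyspace sizes are constructed, and it assumes the password is drawn uniformly at random from its class (a memorable string such as "almaperth" may be more guessable than that) and that the three-failures-per-hour limit is strictly enforced.

```python
# Added example: online guessing against a fixed failure-rate limit.
# Keyspace sizes are constructed assumptions, not figures from the thread.
from fractions import Fraction

HOURS_PER_YEAR = 24 * 365


def expected_years(keyspace, guesses_per_hour=3):
    """Mean time for an attacker to hit one uniformly chosen secret.

    Guessing without repetition, the secret is equally likely to sit at any
    position 1..keyspace, so the mean number of guesses is (keyspace + 1) / 2.
    """
    mean_guesses = Fraction(keyspace + 1, 2)
    return float(mean_guesses / guesses_per_hour / HOURS_PER_YEAR)


def success_probability(keyspace, hours, guesses_per_hour=3):
    """Chance the secret falls within the guesses possible in `hours`."""
    return min(1.0, guesses_per_hour * hours / keyspace)


# Constructed password classes (assumptions for illustration).
POLICIES = {
    "dictionary word (100,000-entry list)": 100_000,
    "9 lowercase letters, like 'almaperth'": 26 ** 9,
    "9 chars from 94 printable ASCII": 94 ** 9,
}


def report(guesses_per_hour=3):
    """Return (policy, mean years to guess, P(guessed within one year))."""
    return [
        (name,
         expected_years(size, guesses_per_hour),
         success_probability(size, HOURS_PER_YEAR, guesses_per_hour))
        for name, size in POLICIES.items()
    ]


if __name__ == "__main__":
    for name, years, p_year in report():
        print(f"{name:40s} mean {years:10.3g} years, "
              f"P(hit in 1 year) {p_year:.3g}")
```

Under these assumptions the rate limit alone leaves a dictionary word guessable in about two years on average, while nine random lowercase letters take on the order of 10^8 years.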