Huge security problem with Breezy
Joe(theWordy)Philbrook
jtwdyp at ttlc.net
Tue Mar 14 19:07:59 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
It would appear that on Mar 14, David A' Rebel did say:
> Granted but I still would be way more careful about taking the word
> of a forum and one person before arbitrarily deleting any files from my
> system critical or otherwise. For anyone to read that file they would
> have have access to your computer or access to it over a very insecure
> network for them to read it anyway.
In my case however it wasn't just the OP's word... I looked at the file
which, since I had installed breezy from a cd (expert install mode) And
was quite annoyed to recognize the initial password I had assigned to my
root account... Quite aside from the fact that I do know enough to
change my password(s) And even though my PC doesn't accept remote
logins, I didn't like the idea that it had logged the password in clear
text. At this point that file HAD to go. in fact since I use ext2, using
shred on it was a viable option... Which I'd have done on general
principles even if it WAS a mission critical file without which kubuntu
couldn't ever run again... But as luck would have it, it was only a log
file, so there was no downside to shredding it...
Joe
#############################################################
##_if_you'd_prefer_an_clearsigned_".asc"_text_file_of_this_##
##message_as_an_mime_encoded_attachment,just_ask_me_while__##
##it's_STILL_IN_my_outbox_folder_._._._=+=+=+=+=+=+=+=+;-)_##
#gpg sig for: Joe (theWordy) Philbrook DSA key ID 0x6C2163DE#
# You can find my public gpg key at http://pgpkeys.mit.edu/ #
#############################################################
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFEFxNxRZ/61mwhY94RAvCyAKCFfjpMoUhydUx5fDjmHtyfytF4JgCeNjXe
2PeTifD2AQfkyYSZRDmK2zA=
=NuOR
-----END PGP SIGNATURE-----
"passwords logged in clear text???"
|
| ` '
|
| ~~~ ~~~
| <#> <#>
| ^
| --- <YIKES!>
|
| ' `
| Joe (theWordy) Philbrook <JtWdyP at ttlc.net> (:-0%
More information about the kubuntu-users
mailing list