cross-platform virus
Alan McKinnon
alan at linuxholdings.co.za
Sun Apr 9 13:06:29 BST 2006
On Sunday 09 April 2006 09:44, Cybe R. Wizard wrote:
> On Sun, 09 Apr 2006 12:17:13 +1000
>
> Sasha Tsykin <stsykin at gmail.com> wrote:
> > I don't see why we should use sudo. It seems much more secure to
> > just create an admin or root account, like almost every other
> > Linux distribution in existence.
>
> Want to crack a box? Everyone has a root account, you only need to
> crack the password. Want to crack an Ubuntu box? First, guess the
> username, /then/ you can move to cracking the password. An extra
> security step is involved wherein one doesn't even have something
> (root) to start with. It's would take a hell of a dictionary
> attack to get a strange username and password.
Want an even better system? Don't use sudo, use su, and disable all
root logins. Then you need to crack one username and *two* passwords.
Then configure pam to require a really really strong root password
following the usual rules for that kind of thing.
--
Alan McKinnon
alan at linuxholdings dot co dot za
+27 82, double three seven, one nine three five
More information about the sounder
mailing list