cross-platform virus
Sasha Tsykin
stsykin at gmail.com
Sun Apr 9 14:21:43 BST 2006
Alan McKinnon wrote:
> On Sunday 09 April 2006 09:44, Cybe R. Wizard wrote:
>> On Sun, 09 Apr 2006 12:17:13 +1000
>>
>> Sasha Tsykin <stsykin at gmail.com> wrote:
>>> I don't see why we should use sudo. It seems much more secure to
>>> just create an admin or root account, like almost every other
>>> Linux distribution in existence.
>> Want to crack a box? Everyone has a root account, you only need to
>> crack the password. Want to crack an Ubuntu box? First, guess the
>> username, /then/ you can move to cracking the password. An extra
>> security step is involved wherein one doesn't even have something
>> (root) to start with. It's would take a hell of a dictionary
>> attack to get a strange username and password.
>
> Want an even better system? Don't use sudo, use su, and disable all
> root logins. Then you need to crack one username and *two* passwords.
>
> Then configure pam to require a really really strong root password
> following the usual rules for that kind of thing.
>
very valid point
More information about the sounder
mailing list