Ubiquity generates hostname using login name
B Gerlich
bgerlich at gmail.com
Thu Jan 15 21:18:07 UTC 2009
Ubiquity uses the default login name to generate the machine's default
hostname. This is a potential security risk allowing third party to conduct
a more efficient brute force attack. Given the fact that the default user is
also in the sudoers list, this would allow the attacker to gain root
privileges instantly after a successful ssh brute force attack.
Wouldn't it be more prudent to generate the hostname in a way that wouldn't
reveal an existing user name, for example not using the last three or four
chars of the login in the hostname?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20090115/124578ee/attachment.html>
More information about the Ubuntu-devel-discuss
mailing list