Re: sudo security Was: Reporting missing package during install
On Tuesday, December 10, 2013 11:15:26 AM John Hasler wrote:
> Gian Uberto Lauri writes:
> > Some of your argument seems to suggest that the Debian installer should
> > not offer the option of leaving the root password blank
>
> Gian Uberto Lauri
>
> > IT DOES????? AAAAAAARGH!
>
> It *disables* the root account. Thus there is only one "vulnerable"
> account.
Not only that, but now whoever seeks to compromise your account has the added
challenge of figuring out just what, exactly, the name of the account is. The
problem with 'root' is everyone who would intend to compromise it knows its
name.
Conrad
Reply to: