Re: same root and user password by default

To: bug1 <bug1@netconnect.com.au>
Cc: debian-boot@lists.debian.org
Subject: Re: same root and user password by default
From: Joey Hess <joeyh@debian.org>
Date: Sat, 18 Mar 2000 00:35:27 -0800
Message-id: <[🔎] 20000318003527.V30577@kitenet.net>
Mail-followup-to: bug1 <bug1@netconnect.com.au>, debian-boot@lists.debian.org
In-reply-to: <[🔎] 38D32341.C3960BC0@netconnect.com.au>; from bug1@netconnect.com.au on Sat, Mar 18, 2000 at 06:33:37AM +0000
References: <[🔎] 38D32341.C3960BC0@netconnect.com.au>

bug1 wrote:
> Thoughts ?

There's lots of ways a user can unwittingly leak out their user password --
they telnet or ftp into their machine for instance, and the attacker
sniffs the wire.

If I were cracking a Debian machine, and I had cracked user id 1001 by
getting ahold of the passowrd, the very first thing I would do is try
the password on the root account. I'll bet it'd already work a fair percent
of the time. No need to raise that percentage..

-- 
see shy jo

Reply to:

References:
- same root and user password by default
  - From: bug1 <bug1@netconnect.com.au>

Prev by Date: Re: same root and user password by default
Next by Date: Re: bf 2.2.8 vanishing reboot abilities
Previous by thread: Re: same root and user password by default
Next by thread: File names of .html documentation?
Index(es):
- Date
- Thread