OT: Is it so easy to break into an NIS?

To: Debian Security <debian-security@lists.debian.org>
Subject: OT: Is it so easy to break into an NIS?
From: Haim Ashkenazi <haim@consonet.com>
Date: Wed, 19 Mar 2003 02:13:13 +0200
Message-id: <[🔎] 20030319021313.40a60301.haim@consonet.com>

Hi

A friend just asked me this question and I got curious. say I'm equipped with a linux laptop and some knowledge, I can walk into a company that uses NIS, find out the settings (NISDOMAIN, free ip address, etc...) and join their domain. now I can login as root on my computer, su to any user and see/change/delete his files. is it that easy?

of-course, administrators should protect their mounts with netgroups permissions, and users should protect their important files with encryption, but how many of these you see?

any ideas? suggestions?

Bye
-- 
Haim

Reply to:

Follow-Ups:
- Re: OT: Is it so easy to break into an NIS?
  - From: Keegan Quinn <kquinn@respond2.com>
- Re: OT: Is it so easy to break into an NIS?
  - From: Rick Moen <rick@linuxmafia.com>
- Re: OT: Is it so easy to break into an NIS?
  - From: Haim Ashkenazi <haim@consonet.com>

Prev by Date: Re: ptrace vulnerability?
Next by Date: Re: OT: Is it so easy to break into an NIS?
Previous by thread: Re: Current OpenSSL vulnerability (CAN-2003-0147)
Next by thread: Re: OT: Is it so easy to break into an NIS?
Index(es):
- Date
- Thread