
Re: Fwd: Password leaks are security holes



On Thu, 28 Aug 2008, Johan Walles wrote:

> 2008/8/28 Giacomo A. Catenazzi <cate@debian.org>:
> > Johan Walles wrote:
> >> Security shouldn't be based on nobody ever doing more or less common
> >> mistakes.
> >
> > auth.log was invented for this reason, and separated from the standard log:
> > it should be readable only by root, because users make errors.
> 
> It's readable by anybody with physical access to the hardware.
> 
> Hard disks get stolen all the time [1], and on publicly accessible
> machines it's often possible to boot in runlevel 1 or from something
> other than the hard disk and access any files you like.  That's why
> the passwords in /etc/shadow are all hashed, rather than just being
> chmodded.

If you are that worried about physical hard drive security, why don't you
just run on a Live-CD?


> 
> > Anyway root already has the capability to view passwords
> > (i.e. by installing alternate login programs, sniffing tty, ...)
> 
> That doesn't mean Debian should *help* root doing that in a default
> install.  Security by default, anybody?

Physical security is not part of the OS (maybe except the DRM stuff..)


> > So auth.log should log usernames, so that users don't make the
> > wrong assumption that passwords are not accessible by root!
> 
> I can see a point in logging *valid* usernames.  Logging invalid
> usernames (which aren't unlikely to actually be passwords) is a
> security risk.

And how do you figure out if you are under attack?
When I see that someone is obviously trying "default" system usernames
I know there is an attack going on, if I only see that there have been
10 invalid login requests this could also be the CEO coming back from
his 2 month vacation...


Common sense:
If you have accidentally typed in your password on the login prompt,
login immediately and change the password!

We shouldn't encourage people to continue using possibly compromised
passwords. If they compromise it, they are responsible to change it
immediately or to get the account locked!!
This should be in your (computer use) company policy.



Regards,
Achim


-- 
Achim Dreyer                || http://www.adreyer.com/
Senior Unix & Network Admin || RHCE, RHCA, CCSA, CCSE, CCNA
Phone: +44 7756 948229      || CACert assurer
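
The two positions in this thread can be combined in one log review step. The following is an added example, not part of the original message: it reads OpenSSH "Invalid user" lines, keeps the attempted name only when it is a stock account name, and merely counts every other invalid name, since such a string may be a mistyped password. The stock-name list, the threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: a short list of stock account names that dictionary attacks try.
DEFAULT_NAMES = {"root", "admin", "test", "guest", "oracle", "postgres", "ftp"}
# Assumption: this many distinct stock names from one source counts as an attack.
ATTACK_THRESHOLD = 3

# OpenSSH "Invalid user NAME from ADDR" line as written to auth.log.
INVALID_USER = re.compile(r"sshd\[\d+\]: Invalid user (.*) from (\S+)")

# Constructed sample lines (documentation addresses), not from a real host.
SAMPLE_LOG = """\
Aug 28 10:01:02 host sshd[2101]: Invalid user admin from 203.0.113.7
Aug 28 10:01:04 host sshd[2103]: Invalid user test from 203.0.113.7
Aug 28 10:01:06 host sshd[2105]: Invalid user oracle from 203.0.113.7
Aug 28 10:01:08 host sshd[2107]: Invalid user guest from 203.0.113.7
Aug 28 10:15:40 host sshd[2210]: Invalid user Hunter2Summer from 198.51.100.20
Aug 28 10:15:55 host sshd[2212]: Invalid user jsmtih from 198.51.100.20
Aug 28 10:16:10 host sshd[2214]: Accepted password for jsmith from 198.51.100.20 port 51122 ssh2
"""

def summarize(lines):
    """Per source address: attempt count, stock names tried, count of other names."""
    per_source = defaultdict(lambda: {"attempts": 0, "stock": set(), "other": 0})
    for line in lines:
        match = INVALID_USER.search(line)
        if not match:
            continue
        name, source = match.groups()
        entry = per_source[source]
        entry["attempts"] += 1
        if name.lower() in DEFAULT_NAMES:
            entry["stock"].add(name.lower())
        else:
            # Could be a mistyped password: count it, never copy it onward.
            entry["other"] += 1
    return dict(per_source)

def verdict(entry):
    """Names, not raw counts, separate a dictionary run from a forgetful user."""
    if len(entry["stock"]) >= ATTACK_THRESHOLD:
        return "dictionary attack"
    return "ambiguous"

if __name__ == "__main__":
    for source, entry in sorted(summarize(SAMPLE_LOG.splitlines()).items()):
        print(source, entry["attempts"], sorted(entry["stock"]), entry["other"], verdict(entry))
```
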

