On 11/18/2011 03:10 PM, Dan Kaminsky wrote: > > > On Fri, Nov 18, 2011 at 5:01 AM, <[email protected] > <mailto:[email protected]>> wrote: > > On Thu, 17 Nov 2011 15:53:41 CST, C de-Avillez said: > > > There is no guest account on an Ubuntu server, so at least there > > this is not a real/perceived risk. > > And nobody's *ever* installed the desktop version on a server > because they didn't > know any better, especially from Ubuntu's target audience. Gotcha. ;) > > > OK, seriously. If you're sitting in front of a machine that's > presenting you a login prompt, you've got enough privileges to insert a > bootable USB/CD and pull all the data / make yourself an account > (FDE/Bios PW notwithstanding).
My disk is password protected, and the whole system (except /boot) is encrypted. Ubuntu guest account is definitively the best way to hack a running laptop (or workstation). -- Olivier _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
