No shit Sherlock! On Aug 4, 2012 3:38 AM, "larry Cashdollar" <[email protected]> wrote:
> Vapid Labs > Larry W. Cashdollar > 8/2/2012 > > > Since a some RaspberryPi users maybe unaware of the security implications of > sshd I thought I should just make a note of some issues. > > RaspberryPi image Occidentalis v0.1 > > >From the site: > > "Adafruit <3 Raspberry Pi - especially how easy it is to hack circuits using > the electronics breakout pins! But sadly, the latest official > distro "July 15 Raspbian Wheezy" did not have many of the delicious hackables > built in. That's why we decided to roll our own > distribution. > > Our distro is based on "Wheezy" but comes with hardware SPI, I2C, one wire, > and WiFi support for our wifi adapters. It also has > some things to make overall hacking easier such sshd on startup (with key > generation on first boot) and Bonjour (so you can simply > ssh raspberrypi.local from any computer on the local network)" > > Enables ssh by default but doesn't prompt user to change root & pi account > passwords. > http://learn.adafruit.com/adafruit-raspberry-pi-educational-linux-distro/occidentalis-v0-dot-1 > > Arch Linux ARM > > "Arch Linux ARM is based on Arch Linux, which aims for simplicity and full > control to the end user. Note that this distribution may not > be suitable for beginners." > > Default login of root/root with sshd enabled, doesn't prompt to change > password. > http://downloads.raspberrypi.org/images/archlinuxarm/archlinuxarm-13-06-2012/archlinuxarm-13-06-2012.zip > > If your going to enabled sshd by default please prompt the user to change the > default password upon first boot. If your going to connect > these PIs to a network be sure to use secure passwords. > > > http://vapid.dhs.org/advisories/raspberrypi_image_security.txt > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
