The advice weakens your system from a local perspective granted, but if an attacker has a local user on your box already, it's already game over.
Yes, if you were a user with intelligence. I must've forgot that everyone that uses a computer does so with sense. On Sat, Nov 10, 2012 at 6:30 PM, Michal Zalewski <lcam...@coredump.cx>wrote: > > I think you've taken that far too literaly. My understanding of it is to > > protect against a) brute force retardation b) dumb attackers. > > The advice weakens the security of your system, because it means I > just need to compromise your unprivileged account (in which you run > your browser, mail client, and so on) to own the entire box. > > As for the benefits, care to elaborate? I'm not sure what a) and b) > really mean. If you're worried about brute-force, don't use trivial > passwords. If you worry about opportunistic attacks, do that and then > patch your stuff every now and then. > > /mz >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/