On Thu, 2004-08-26 at 03:11, David Vincent wrote: > >Hello list! > > > >A few weeks ago there was a discussion about automated ssh scanning with > >user/password combinations like guest/guest or admin/admin. > >I set up a debian woody fully patched with both accounts activated, and > >got rooted some days later... > > > >The attackers installed some software and irc-bots and tried to use this > >host for testing other computers, thats not the point. I would like to > >know where's the weak point in the system? As the system was updates on > >a daily base! The only known weakness were these two accounts! > > > > > you didn't set up admin/admin as root did you? > > just asking. > > -d Hello David,
no I created only unprivileged user accounts! And the root password is not considered to be weak! Richard _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
