Richard, Key words in the article, IMO are:
"To exploit the vulnerability an attacker would still need to guess the correct X-Windows password, but given the lame passwords many users pick this is hardly a high enough barrier." Poor password choice - especially for key UIDs such as root - are the true Archilles Heel of *all* systems, regardless of other security measures taken. Ron. --- RichardA <[EMAIL PROTECTED]> wrote: > The Register says MDK 8 & 8.1 will let anyone who > can guess the root password > log in to any online box: > http://www.theregister.co.uk/content/55/24447.html > The relevant text in the linked to page is : > > LINUX > 1. Login as root. > 2. Open /etc/X11/kdm/Xaccess in editor. > 3. Comment out the following two lines, by adding > "#" (without quotes) to the > beginning of each line: * #any host can get a login > window * CHOOSER > BROADCAST #any indirect host can get a chooser > 4. Save your changes, and then close the file. > > Except that mine is in xdm, not kdm. Also, if the > relevant port is blocked, > presumably nothing can happen. I hope I've got the > wrong end of the stick on > this one, but just in case, here it is. > > Whilst I'm here, has anyone any ideas about my > pcmcia notwork card problem > (posted yesterday)? :-) > > Richard > > > Want to buy your Pack or Services from MandrakeSoft? > > Go to http://www.mandrakestore.com > __________________________________________________ Do You Yahoo!? Yahoo! Sports - live college hoops coverage http://sports.yahoo.com/
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
