On Wed, 25 Jul 2001, Ian C. Sison wrote:
> > > http://www.zdnet.com/enterprise/stories/linux/0,12249,5094560,00.html
> >
> > openssh software is not infected. only ssh.com software is infected.
> > that is why we should all use open source software.
>
> Besides, what kind of _moron_ would use a 1 or 2 character password for
> root? Bato bato sa langit, bahala na yung matamaan...
Hi,
What crackers will do is not to attack root,
they will go for the local users and check
if it has 1 or 2 char. as a pasword.
Problem with this, it's perfectly possible
to put a single * char. in the /etc/shadow
to denote that the person cannot login in
linux.
solaris puts an "NP" on some daemons to denote
that you can't login with ths account.
They can in someway then leverage this to
try to access the root account.
In fairness to Solaris and Linux, it's not the
OSes fault, it's the fault of the commercial SSH.
regards,
-----
Andre M. Varon <[EMAIL PROTECTED]>
http://andre.lasaltech.com
Fear can hold you prisoner, Hope can set you free.
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
