Full Disclosure mailing list archives
Re: Putty Proxy login/password discolsure....
From: Matthew Flaschen <matthew.flaschen () gatech edu>
Date: Wed, 25 Oct 2006 15:36:13 -0400
Sounds cool. Battering ram is easier, though. I said, deal with, not solve.

Matthew Flaschen

North, Quinn wrote:

Sadly, Not even that will help you anymore ...
http://www.hackaday.com/2005/08/24/lock-bumping-revisited/

--=Q=--

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Matthew Flaschen
Sent: Wednesday, October 25, 2006 3:20 PM
To: cardoso
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Putty Proxy login/password discolsure....

I have a dual WinXP/Debian boot, and I deal with that problem by locking my door.

Matt Flaschen

cardoso wrote:

Exactly. A few years ago I used to deal with linux fanboys showing them the cute trick of "linux single" at boot time. After a few hours begging for the admin password, I taught the trick and they usually stopped the brag about how secure Linux was.

On Wed, 25 Oct 2006 12:34:49 -0500 Paul Schmehl <pauls () utdallas edu> wrote:

PS> --On Wednesday, October 25, 2006 10:24:11 -0400 mflaschen3 () mail gatech edu
PS> wrote:
PS>
PS> > Windows offers no security against local users. It is trivial to boot to
PS> > a program like ERD Commander and replace admin passwords. On the other
PS> > hand, PuTTy is meant to protect against everyone; that's why it doesn't
PS> > allow saved passwords. Thus, this seems like a vulnerability to me.
PS> >
PS> Unix offers no security against local users either. If I can sit at the
PS> console, I can login in single user mode, mount the drives rw and edit
PS> /etc/passwd all day.
PS>
PS> Furthermore, I can take any hard drive, with any file system on it, and
PS> with the right tools I can read everything on the drive, even deleted stuff.
PS>
PS> So what's your point? That when you own the box you own the box?
PS>
PS> If you first have to own the box to get to the information, then it's not a
PS> vulnerability. It's not best practice, but it's not a vulnerability.
PS>
PS> Paul Schmehl (pauls () utdallas edu)
PS> Senior Information Security Analyst
PS> The University of Texas at Dallas
PS> http://www.utdallas.edu/ir/security/

-------------------------------------------------------------
Carlos Cardoso
http://www.carloscardoso.com <== semi-personal blog
http://www.contraditorium.com <== ProBlogging and digital culture

"You lost today, kid. But that doesn't mean you have to like it"
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/