Full Disclosure mailing list archives
Re: Putty Proxy login/password discolsure....
From: cardoso <cardosolistas () contraditorium com>
Date: Wed, 25 Oct 2006 14:44:16 -0300
Exactly. A few years ago I used to deal with linux fanboys showing them the cute trick of "linux single" at boot time. After a few hours begging for the admin password, I teached the trick and they usually stopped the brag about how security Linux was. On Wed, 25 Oct 2006 12:34:49 -0500 Paul Schmehl <pauls () utdallas edu> wrote: PS> --On Wednesday, October 25, 2006 10:24:11 -0400 mflaschen3 () mail gatech edu PS> wrote: PS> PS> > Windows offers no security against local users. It is trivial to boot to PS> > a program like ERD Commander and replace admin passwords. On the other PS> > hand, PuTTy is meant to protect against everyone; that's why it doesn't PS> > allow saved passwords. Thus, this seems like a vulnerability to me. PS> > PS> Unix offers no security against local users either. If I can sit at the PS> console, I can login in single user mode, mount the drives rw and edit PS> /etc/passwd all day. PS> PS> Furthermore, I can take any hard drive, with any file system on it, and PS> with the right tools I can read everything on the drive, even deleted stuff. PS> PS> So what's your point? That when you own the box you own the box? PS> PS> If you first have to own the box to get to the information, then it's not a PS> vulnerability. It's not best practice, but it's not a vulnerability. PS> PS> Paul Schmehl (pauls () utdallas edu) PS> Senior Information Security Analyst PS> The University of Texas at Dallas PS> http://www.utdallas.edu/ir/security/ ------------------------------------------------------------- Carlos Cardoso http://www.carloscardoso.com <== blog semi-pessoal http://www.contraditorium.com <== ProBlogging e cultura digital "You lost today, kid. But that doesn't mean you have to like it" _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RE : Putty Proxy login/password discolsure...., (continued)
- RE : Putty Proxy login/password discolsure.... Antoine SANTO (Oct 25)
- Re: RE : Putty Proxy login/password discolsure.... Heiko Zuerker (Oct 25)
- Re: Putty Proxy login/password discolsure.... Dave "No, not that one" Korn (Oct 25)
- RE : Putty Proxy login/password discolsure....(Answer from PUTTY Staff) Antoine SANTO (Oct 25)
- Re: RE : Putty Proxy login/password discolsure....(Answer from PUTTY Staff) Matthew Flaschen (Oct 25)
- Re: RE : Putty Proxy login/password discolsure....(Answer from PUTTY Staff) Simon Tatham (Oct 25)
- Re: RE : Putty Proxy login/password discolsure....(Answer from PUTTY Staff) Matthew Flaschen (Oct 25)
- Re: RE : Putty Proxy login/password discolsure....(Answer from PUTTY Staff) Simon Tatham (Oct 25)
- RE : Putty Proxy login/password discolsure....(Answer from PUTTY Staff) Antoine SANTO (Oct 25)
- RE : Putty Proxy login/password discolsure.... Antoine SANTO (Oct 25)
- Re: Putty Proxy login/password discolsure.... Paul Schmehl (Oct 25)
- Re: Putty Proxy login/password discolsure.... cardoso (Oct 25)
- Re: Putty Proxy login/password discolsure.... Raj Mathur (Oct 25)
- Re: Putty Proxy login/password discolsure.... cardoso (Oct 25)
- Re: Putty Proxy login/password discolsure.... Paul Schmehl (Oct 25)
- Re: Putty Proxy login/password discolsure.... Robert Jaroszuk (Oct 26)
- Re: Putty Proxy login/password discolsure.... Juan Pablo Daniel Borgna (Oct 29)