Full Disclosure mailing list archives

Re: Putty Proxy login/password discolsure....


From: Raj Mathur <raju () linux-delhi org>
Date: Wed, 25 Oct 2006 23:57:15 +0530

On Wednesday 25 October 2006 23:14, cardoso wrote:
Exactly. A few years ago I used to deal with linux fanboys showing
them the cute trick of "linux single" at boot time. After a few
hours begging for the admin password, I taught the trick and they
usually stopped the bragging about how secure Linux was.

Can't do that in most modern distributions today -- they're configured 
to ask for root password before they give a single-user shell.

Not that there aren't other ways around that restriction...

-- Raju



On Wed, 25 Oct 2006 12:34:49 -0500
Paul Schmehl <pauls () utdallas edu> wrote:

PS> --On Wednesday, October 25, 2006 10:24:11 -0400
PS> mflaschen3 () mail gatech edu wrote:
PS>
PS> > Windows offers no security against local users.  It is trivial to boot to
PS> > a program like ERD Commander and replace admin passwords.  On the other
PS> > hand, PuTTy is meant to protect against everyone; that's why it doesn't
PS> > allow saved passwords.  Thus, this seems like a vulnerability to me.
PS> >
PS> Unix offers no security against local users either.  If I can sit at the
PS> console, I can login in single user mode, mount the drives rw and edit
PS> /etc/passwd all day.
PS>
PS> Furthermore, I can take any hard drive, with any file system on it, and
PS> with the right tools I can read everything on the drive, even deleted stuff.
PS>
PS> So what's your point?  That when you own the box you own the box?
PS>
PS> If you first have to own the box to get to the information, then it's not a
PS> vulnerability.  It's not best practice, but it's not a vulnerability.
PS>

-- 
Raj Mathur            raju () kandalaya org   http://kandalaya.org/
       GPG: 78D4 FC67 367F 40E2 0DD5  0FEF C968 D0EF CC68 D17F
                      It is the mind that moves

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

