Full Disclosure mailing list archives

Re: Ubuntu 11.10 now unsecure by default

From: Mario Vilas <mvilas () gmail com>
Date: Fri, 18 Nov 2011 12:24:36 +0100

Let's not overreact. We're talking about a guest account only on dekstop
systems, for local login only, and perfectly visible to the user. The only
problem I see here is not having a simple GUI way to disable the guest
login for a non tech-savvy user, but no more. (Or am I missing something
here?)

On Thu, Nov 17, 2011 at 9:52 PM, Olivier <feuille () bibibox fr> wrote:

On 11/17/2011 08:34 PM, Ryan Dewhurst wrote:

Are there any other services this may effect?


The question could also be how many features like this are (will be?)
silently enabled by default on new Ubuntu systems.

"Perfect for business use, Ubuntu is safe, intuitive and stable" --
http://www.ubuntu.com/business

Ubuntu is clearly no more recommended for business use. End users will
have to become security experts to avoid teenager's attacks ... shameful

On Thu, Nov 17, 2011 at 7:18 PM, Andrew N Dowden
<andrew_dowden () softdesign net nz
<mailto:andrew_dowden () softdesign net nz>> wrote:

    On 18/11/11 23:46, Larry W. Cashdollar wrote:

    Anyone know what the default is for Ubuntu 11

    PermitEmptyPasswords no
    PasswordAuthentication no


    in /etc/ssh/sshd_config?

    for Ubuntu 11.10 (Oneiric)

    snip: ( from */etc/ssh/sshd_config* )
    --
    # To enable empty passwords, change to yes (NOT RECOMMENDED)
    PermitEmptyPasswords no
    --
    # Change to no to disable tunnelled clear text passwords
    #PasswordAuthentication yes
    --


--
Olivier

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




-- 
“There's a reason we separate military and the police: one fights the enemy
of the state, the other serves and protects the people. When the military
becomes both, then the enemies of the state tend to become the people.”

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Ubuntu 11.10 now unsecure by default, (continued)
- - Re: Ubuntu 11.10 now unsecure by default Mario Vilas (Nov 17)
    - Re: Ubuntu 11.10 now unsecure by default Cody Robertson (Nov 17)
    - Re: Ubuntu 11.10 now unsecure by default Valdis . Kletnieks (Nov 17)
    - Re: Ubuntu 11.10 now unsecure by default Larry W. Cashdollar (Nov 17)
    - Re: Ubuntu 11.10 now unsecure by default Valdis . Kletnieks (Nov 17)
    - Re: Ubuntu 11.10 now unsecure by default Andrew N Dowden (Nov 17)
    - Re: Ubuntu 11.10 now unsecure by default Ryan Dewhurst (Nov 17)
    - Re: Ubuntu 11.10 now unsecure by default Larry W. Cashdollar (Nov 17)
    - Re: Ubuntu 11.10 now unsecure by default xD 0x41 (Nov 19)
    - Re: Ubuntu 11.10 now unsecure by default Olivier (Nov 18)
    - Re: Ubuntu 11.10 now unsecure by default Mario Vilas (Nov 18)
    - Re: Ubuntu 11.10 now unsecure by default Valdis . Kletnieks (Nov 18)
    - Re: Ubuntu 11.10 now unsecure by default Darren Martyn (Nov 18)
    - Re: Ubuntu 11.10 now unsecure by default root (Nov 18)
    - Re: Ubuntu 11.10 now unsecure by default GloW - XD (Nov 19)
    - Re: Ubuntu 11.10 now unsecure by default root (Nov 19)
    - Re: Ubuntu 11.10 now unsecure by default charlie (Nov 23)
    - Re: Ubuntu 11.10 now unsecure by default dave bl (Nov 23)
    - Re: Ubuntu 11.10 now unsecure by default charlie (Nov 23)
    - Re: Ubuntu 11.10 now unsecure by default adam (Nov 23)
    - Re: Ubuntu 11.10 now unsecure by default deepquest (Nov 23)

(Thread continues...)