Re: Ubuntu 11.10 now unsecure by default

[Leon Kaiser <literalka () gmail com>]

It's a good thing that Desktop Linux is dead/dying/never got off the
ground anyways, then!
-- 
========================================================
Leon Kaiser      - Head of GNAA Public Relations -
        literalka () gnaa eu || literalka () goatse fr
       http://gnaa.eu || http://security.goatse.fr
      7BEECD8D FCBED526 F7960173 459111CE F01F9923
"The mask of anonymity is not intensely constructive."
       -- Andrew "weev" Auernheimer
======================================================== 

On Fri, 2011-11-18 at 12:24 +0100, Mario Vilas wrote:

> Let's not overreact. We're talking about a guest account only on
> dekstop systems, for local login only, and perfectly visible to the
> user. The only problem I see here is not having a simple GUI way to
> disable the guest login for a non tech-savvy user, but no more. (Or am
> I missing something here?)
>
>
> On Thu, Nov 17, 2011 at 9:52 PM, Olivier <feuille () bibibox fr> wrote:
>
>         On 11/17/2011 08:34 PM, Ryan Dewhurst wrote:
>         > Are there any other services this may effect?
>         
>         The question could also be how many features like this are
>         (will be?)
>         silently enabled by default on new Ubuntu systems.
>         
>         "Perfect for business use, Ubuntu is safe, intuitive and
>         stable" --
>         http://www.ubuntu.com/business
>         
>         Ubuntu is clearly no more recommended for business use. End
>         users will
>         have to become security experts to avoid teenager's
>         attacks ... shameful
>         
>         
>         > On Thu, Nov 17, 2011 at 7:18 PM, Andrew N Dowden
>         > <andrew_dowden () softdesign net nz
>         > <mailto:andrew_dowden () softdesign net nz>> wrote:
>         >
>         >     On 18/11/11 23:46, Larry W. Cashdollar wrote:
>         >>     Anyone know what the default is for Ubuntu 11
>         >>
>         >>     PermitEmptyPasswords no
>         >>     PasswordAuthentication no
>         >>
>         >>
>         >>     in /etc/ssh/sshd_config?
>         >     for Ubuntu 11.10 (Oneiric)
>         >
>         >     snip: ( from */etc/ssh/sshd_config* )
>         >     --
>         >     # To enable empty passwords, change to yes (NOT
>         RECOMMENDED)
>         >     PermitEmptyPasswords no
>         >     --
>         >     # Change to no to disable tunnelled clear text passwords
>         >     #PasswordAuthentication yes
>         >     --
>         
>         --
>         Olivier
>         
>         
>         
>         _______________________________________________
>         Full-Disclosure - We believe in it.
>         Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>         Hosted and sponsored by Secunia - http://secunia.com/
>         
>
>
>
>
>
>
>
> -- 
> “There's a reason we separate military and the police: one fights
> the enemy of the state, the other serves and protects the people. When
> the military becomes both, then the enemies of the state tend to
> become the people.”
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/