[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

To: Olivier <feuille@xxxxxxxxxx>
Subject: Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default
From: Mario Vilas <mvilas@xxxxxxxxx>
Date: Fri, 18 Nov 2011 12:24:36 +0100

Let's not overreact. We're talking about a guest account only on dekstop
systems, for local login only, and perfectly visible to the user. The only
problem I see here is not having a simple GUI way to disable the guest
login for a non tech-savvy user, but no more. (Or am I missing something
here?)

On Thu, Nov 17, 2011 at 9:52 PM, Olivier <feuille@xxxxxxxxxx> wrote:

> On 11/17/2011 08:34 PM, Ryan Dewhurst wrote:
> > Are there any other services this may effect?
>
> The question could also be how many features like this are (will be?)
> silently enabled by default on new Ubuntu systems.
>
> "Perfect for business use, Ubuntu is safe, intuitive and stable" --
> http://www.ubuntu.com/business
>
> Ubuntu is clearly no more recommended for business use. End users will
> have to become security experts to avoid teenager's attacks ... shameful
>
>
> > On Thu, Nov 17, 2011 at 7:18 PM, Andrew N Dowden
> > <andrew_dowden@xxxxxxxxxxxxxxxxx
> > <mailto:andrew_dowden@xxxxxxxxxxxxxxxxx>> wrote:
> >
> >     On 18/11/11 23:46, Larry W. Cashdollar wrote:
> >>     Anyone know what the default is for Ubuntu 11
> >>
> >>     PermitEmptyPasswords no
> >>     PasswordAuthentication no
> >>
> >>
> >>     in /etc/ssh/sshd_config?
> >     for Ubuntu 11.10 (Oneiric)
> >
> >     snip: ( from */etc/ssh/sshd_config* )
> >     --
> >     # To enable empty passwords, change to yes (NOT RECOMMENDED)
> >     PermitEmptyPasswords no
> >     --
> >     # Change to no to disable tunnelled clear text passwords
> >     #PasswordAuthentication yes
> >     --
>
> --
> Olivier
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
“There's a reason we separate military and the police: one fights the enemy
of the state, the other serves and protects the people. When the military
becomes both, then the enemies of the state tend to become the people.”

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default
  - From: Valdis . Kletnieks
- Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default
  - From: Leon Kaiser

References:
- [Full-disclosure] Ubuntu 11.10 now unsecure by default
  - From: Olivier
- Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default
  - From: Dave
- Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default
  - From: Mario Vilas
- Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default
  - From: Valdis . Kletnieks
- Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default
  - From: Larry W. Cashdollar
- Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default
  - From: Andrew N Dowden
- Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default
  - From: Ryan Dewhurst
- Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default
  - From: Olivier

Prev by Date: Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default
Next by Date: Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default
Previous by thread: Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default
Next by thread: Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default
Index(es):
- Date
- Thread