Re: Okay, so Linux isn't perfect

On 2006-03-13, Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> wrote:
>> Ubuntu 5.10 has a security flaw: during installation the answers the
>> user gives are logged. A mistake silently broke the process designed to
>> clear out the passwords from the log. So, by examining the logs one can
>> detect what the passwords were set to at install time.
> The hack will only expose the system to malicious access if:
> * A user chooses a bad password that a dictionary-based script is able to
> exploit

 Nope, this logs the passwords in cleartext. Definitely a Very Bad
Thing. The install routine's been substantially rewritten for the new
release coming up (Dapper Drake, "6.04").

> As I said before (along with the arguments above, but in a different
> context), I am yet to hear about 'disasters' that occurred due to this flaw.

 I haven't either, though we wouldn't have, necessarily.

> As Ray said, Windows has had similar embarrassment and users can recover
> administrator passwords using openly-shared workarounds. Since Ray uses Palm
> OS (I see him in these newsgroups), he will also know that protected data on
> the Palm is not truly protected once the handheld is stolen.

 I encrypt really private data so it's not quite as bad as all that. The
OS-provided security is, indeed, exceedingly weak, though.


 Ray Ingles                                      (313) 227-2317

    Microsoft Windows - A mistake carried out to perfection.

