Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Putty Proxy login/password discolsure....
From: Paul Schmehl <pauls () utdallas edu>
Date: Wed, 25 Oct 2006 14:16:32 -0500

--On Wednesday, October 25, 2006 23:57:15 +0530 Raj Mathur <raju () linux-delhi org> wrote:

On Wednesday 25 October 2006 23:14, cardoso wrote:
Exactly. A few years ago I used to deal with linux fanboys showing
them the cute trick of "linux single" at boot time. After a few
hours begging for the admin password, I teached the trick and they
usually stopped the brag about how security Linux was.

Can't do that in most modern distributions today -- they're configured
to ask for root password before they give a single-user shell.

Not that there aren't other ways around that restriction...

Precisely - like booting from a Knoppix cd, mounting the drives rw....you get the picture. Physical access == total access. Worst case scenario, I simply remove the drives and mount them on a box that I do control.

Paul Schmehl (pauls () utdallas edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault