Re: [beagleboard] Re: Root login change?
On Fri, Mar 3, 2017 at 5:56 AM, Dennis Lee Bieber wrote: > Let me guess -- the next step will be to have the first connection > to > "debian/temppwd" require the user to change the password. > Anyone with half a brain should already be doing that one their own. Or expect to get "hacked". Quoting hacked, because it's not a hack, it's stupidity on the users behalf. -- For more options, visit http://beagleboard.org/discuss --- You received this message because you are subscribed to the Google Groups "BeagleBoard" group. To unsubscribe from this group and stop receiving emails from it, send an email to beagleboard+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/beagleboard/CALHSORqnfg3RPLYRzAgqy3VerTj%3D66pqS42ktmiMsGC0VV-kKQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [beagleboard] Re: Root login change?
So let's imagine, someone gaining root access( known as rooting, or being rooted ) to your system is feeling charitable, and only runs something like: *WARNING - Do not do this ! You've been warned.* # gzip -9 -r / What do you suppose will happen, and then what do you suppose you will do to fix this problem ? Removing files recursively + forcefully would probably be more likely. But worse still, what if the attacker simply hides a well written executable on your system some where ? Does this system belong to a business that uses it in some way to deal with sensitive data ? How secure if your local network ? What kind of damage are you most afraid of happening to systems on your network ? Just think about the above for a while until it sinks in. On Fri, Mar 3, 2017 at 6:28 AM, William Hermans wrote: > > > On Fri, Mar 3, 2017 at 5:56 AM, Dennis Lee Bieber > wrote: > >> Let me guess -- the next step will be to have the first >> connection to >> "debian/temppwd" require the user to change the password. >> > > Anyone with half a brain should already be doing that one their own. Or > expect to get "hacked". Quoting hacked, because it's not a hack, it's > stupidity on the users behalf. > -- For more options, visit http://beagleboard.org/discuss --- You received this message because you are subscribed to the Google Groups "BeagleBoard" group. To unsubscribe from this group and stop receiving emails from it, send an email to beagleboard+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/beagleboard/CALHSORr%2BwJfZ8QQj3AD0B50x-f%3Dzfe-p8srwuQVESwT%2BGYnG0A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [beagleboard] Re: Root login change?
On Fri, Mar 3, 2017 at 5:53 PM, Dennis Lee Bieber wrote: > > > Well -- if I were exposing one to the wild, I'd probably delete the > debian account too, after creating a new user account. > > That's understandable. One could actually just change the account name if they wished, along with the home directory. This leaves UID as 1001, which might be preferred for some cases. This has to be done as the root user, but there is nothing really wrong with using root, when needed. Anyway, I start to get "evangelical" when it comes to security, as I worked in the security sector for a little while, and saw first hand the silly things people do, because they do not understand the implications of not operating a computer responsibly. Then these same people claim they've been "hacked" when really,no, they were not. Theend result is that we start seeing ( best case ) BotNET's with the ability to take down whole large domains at a whim. Worse case, people or organizations have things stolen form them. -- For more options, visit http://beagleboard.org/discuss --- You received this message because you are subscribed to the Google Groups "BeagleBoard" group. To unsubscribe from this group and stop receiving emails from it, send an email to beagleboard+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/beagleboard/CALHSORpSqHEbHDmtDz03DgZ4ufvey5t4yMPHgAx14is6szry_A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
