| 1 |
* Krzysztof Pawlik <nelchael@g.o> schrieb: |
| 2 |
|
| 3 |
> Interesting... to me that's not only stupid but also kinda useless - there's no |
| 4 |
> difference between brute-forcing a password for user named 'foo' or 'root' - |
| 5 |
> user name doesn't matter much. Actually according to my ssh logs attackers |
| 6 |
> usually don't even try root, they try other user account names way more often. |
| 7 |
|
| 8 |
ACK. And if you're really frightened of someone cracking the user "root"'s |
| 9 |
password/key, you simply could lock that account and add another superuser. |
| 10 |
|
| 11 |
Keep in mind, these BSI guys are beaurocrats, not hackers. If they were |
| 12 |
hackers, they'd prefer source distros over binary ones to add more randomness |
| 13 |
to the overall installed machine code ... |
| 14 |
|
| 15 |
|
| 16 |
cu |
| 17 |
-- |
| 18 |
--------------------------------------------------------------------- |
| 19 |
Enrico Weigelt == metux IT service - http://www.metux.de/ |
| 20 |
--------------------------------------------------------------------- |
| 21 |
Please visit the OpenSource QM Taskforce: |
| 22 |
http://wiki.metux.de/public/OpenSource_QM_Taskforce |
| 23 |
Patches / Fixes for a lot dozens of packages in dozens of versions: |
| 24 |
http://patches.metux.de/ |
| 25 |
--------------------------------------------------------------------- |
Archives