1 |
*discovers 'reply' doesn't send to the list - for about the sixth time in |
2 |
as many months* |
3 |
(Can someone please add a reply-to to the list software? It's a pain.) |
4 |
|
5 |
|
6 |
Well, it's possible, but relatively moot. Unless you can automate it |
7 |
or are the sys admin for some place (in which case you definately |
8 |
shouldn't be doing this), It's a very specific attack with low yield. |
9 |
Yes, it's not the strongest security, but if you need to hack an ISP |
10 |
nameserver or proxy to exploit it it's pretty moot. |
11 |
|
12 |
Admittedly, proxying modems and other such non-admin-installed |
13 |
plug-and-forget hardware may be at risk. My dsl modem has the |
14 |
stupidest setup - admin/admin as a default login, telnet access always |
15 |
open to the 'net, and it can do dns proxying, although I don't think |
16 |
it's in my ISP's default installation instructions. But with the bad |
17 |
login, I'm sure some other people with the same modem didn't change |
18 |
that and could be exploited. Yes, making portage authenticate somehow |
19 |
would help... |
20 |
|
21 |
Still, it sounds like a niche hack, I'll bet there are more pressing matters. |
22 |
|
23 |
--Bart |
24 |
|
25 |
-- |
26 |
gentoo-security@g.o mailing list |