| 1 |
*discovers 'reply' doesn't send to the list - for about the sixth time in |
| 2 |
as many months* |
| 3 |
(Can someone please add a reply-to to the list software? It's a pain.) |
| 4 |
|
| 5 |
|
| 6 |
Well, it's possible, but relatively moot. Unless you can automate it |
| 7 |
or are the sys admin for some place (in which case you definately |
| 8 |
shouldn't be doing this), It's a very specific attack with low yield. |
| 9 |
Yes, it's not the strongest security, but if you need to hack an ISP |
| 10 |
nameserver or proxy to exploit it it's pretty moot. |
| 11 |
|
| 12 |
Admittedly, proxying modems and other such non-admin-installed |
| 13 |
plug-and-forget hardware may be at risk. My dsl modem has the |
| 14 |
stupidest setup - admin/admin as a default login, telnet access always |
| 15 |
open to the 'net, and it can do dns proxying, although I don't think |
| 16 |
it's in my ISP's default installation instructions. But with the bad |
| 17 |
login, I'm sure some other people with the same modem didn't change |
| 18 |
that and could be exploited. Yes, making portage authenticate somehow |
| 19 |
would help... |
| 20 |
|
| 21 |
Still, it sounds like a niche hack, I'll bet there are more pressing matters. |
| 22 |
|
| 23 |
--Bart |
| 24 |
|
| 25 |
-- |
| 26 |
gentoo-security@g.o mailing list |
Archives