Re: [SLUG] WAS about Linux virii

From: Bill (selinux@home.com)
Date: Thu Feb 14 2002 - 00:26:14 EST


On Wednesday 13 February 2002 19:31, you wrote:

> I can't think of why logging in as root is a security problem,
> if you are logged in as `Joe', that doesn't prevent a Trojan
> horse from sending your password to a guy named Lu (in China)
> that telnets into an open port and logs in as root and E-mails
> your private thoughts to him. (or whatever)

A) ditch the telnet server AND client. SSH does pretty much the same job but
uses encryption. IMHO, anybody who makes a practice of telnetting deserves
what comes next. If there are times when only telnet will work, (when?) then
telnet, do what needs to be done and then terminate telnet completely.
B) the trojan could not install its own servers because it would need more
privileges than Joe is supposed to have and because you were security
conscious, you don't have any known insecure ports open ... right?
C) there is no way for Lu to get the root password except by breaking the
encryption or by asking Joe for it.

Bill


-- 
We're sorry, but due to ongoing security concerns, we no longer accept e-mail 
attachments created by Microsoft applications. Please accept our apologies for
any inconvenience. -- Staff & Management


