[NTLUG:Discuss] Security
J. Reeves Hall
reeves at earthling.net
Wed Sep 22 14:33:21 CDT 1999
I just learned the hard way that passwords should be shadowed...
I user I thought I could trust grabbed /etc/passwd, and successfully
rooted... He changed the root password, but AFAIK he didn't do anything
else.
IF YOU HAVEN'T SHADOWED YOUR PASSWORDS, DO IT NOW!!! I don't know why
Red Hat doesn't do that by default...
After this happened I downloaded a program called John The Ripper and
fired it at my passwd file. It recovered 6 of the passwords in 30
minutes. The root password is very difficult (no easily discernible
pattern to the characters) but it seems they got it.
My machine is neutron.uberhax0r.net. If anyone can offer any security
suggestions, I'd be grateful. Just please don't crash the system or
cause any damage if you do manage to get in.
-Reeves
--
In a world without fences, why do we need Gates?
J. Reeves Hall - Georgia Tech (CS Major)
[overcode at resnet.gatech.edu]
More information about the Discuss
mailing list