[100568] in RedHat Linux List
Re: Hacked! :(
daemon@ATHENA.MIT.EDU (Sean Harding)
Sat Nov 21 21:42:38 1998
Date: Sat, 21 Nov 1998 18:45:51 -0800
From: Sean Harding <sharding@gutenberg.uoregon.edu>
Reply-To: Sean Harding <sharding@oregon.uoregon.edu>
To: redhat-list@redhat.com
In-Reply-To: <365776B4.2F03@nook.net>
Resent-From: redhat-list@redhat.com
On Sat, 21 Nov 1998, Ramon Gandia wrote:
> Not so. It will only work if you haven't got shadow passwords.
Obviously. This whole thing was taking the assumption from your first
message saying that if the person didn't have shadow passwords, the
encrypted passwords are easily available and the encryption is easy to
break. It's not, and it's not worth the time. There are way too many other
ways in. That's all I'm saying.
> With shadow passwords enabled, the only chance the cracker has
> is to crash a program running root priviledge, or telnet in
> and try a gazillion passwords.. a very slow process as I pointed
There are ways to get at the shadow file (or portions thereof) without
having a root shell. There are ways without having access to an account on
the machine. And there are definitely ways without telnetting in and
trying "a gazillion passwords."
sean
--
Sean Harding sharding@oregon.uoregon.edu|"art may imitate life
http://gladstone.uoregon.edu/~sharding/ | but life imitates t.v."
Consulting: http://www.efn.org/~seanh/ | --ani difranco
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com http://archive.redhat.com
To unsubscribe: mail redhat-list-request@redhat.com with
"unsubscribe" as the Subject.
