[100650] in RedHat Linux List

home help back first fref pref prev next nref lref last post

Re: Hacked! :(

daemon@ATHENA.MIT.EDU (Michael S. Dunsavage)
Sun Nov 22 15:22:25 1998

Date: Sun, 22 Nov 1998 15:29:47 -0500 (EST)
From: "Michael S. Dunsavage" <mikesd@ptd.net>
To: Sean Harding <sharding@oregon.uoregon.edu>
cc: redhat-list@redhat.com
In-Reply-To: <Pine.SGI.4.02.9811211842100.23339-100000@gutenberg.uoregon.edu>
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com

ok......u both seem to know what u are talking about, but let's NOT start
an argument on here...

--
Michael S. Dunsavage
----------------------
http://members.tripod.com/~zer002/

On Sat, 21 Nov 1998, Sean Harding wrote:

> On Sat, 21 Nov 1998, Ramon Gandia wrote:
> 
> > Not so.  It will only work if you haven't got shadow passwords.
> 
> Obviously. This whole thing was taking the assumption from your first
> message saying that if the person didn't have shadow passwords, the
> encrypted passwords are easily available and the encryption is easy to
> break. It's not, and it's not worth the time. There are way too many other
> ways in. That's all I'm saying.
> 
> > With shadow passwords enabled, the only chance the cracker has
> > is to crash a program running root priviledge, or telnet in
> > and try a gazillion passwords.. a very slow process as I pointed
> 
> There are ways to get at the shadow file (or portions thereof) without
> having a root shell. There are ways without having access to an account on
> the machine. And there are definitely ways without telnetting in and
> trying "a gazillion passwords."
> 
> sean
> 
> -- 
> Sean Harding sharding@oregon.uoregon.edu|"art may imitate life
> http://gladstone.uoregon.edu/~sharding/ | but life imitates t.v."
> Consulting: http://www.efn.org/~seanh/  | --ani difranco
> 
> 
> -- 
>   PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
> 		http://www.redhat.com http://archive.redhat.com
>          To unsubscribe: mail redhat-list-request@redhat.com with 
>                        "unsubscribe" as the Subject.
> 
> 
> 


-- 
  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
		http://www.redhat.com http://archive.redhat.com
         To unsubscribe: mail redhat-list-request@redhat.com with 
                       "unsubscribe" as the Subject.
home help back first fref pref prev next nref lref last post