Mailinglist Archive: opensuse-factory (710 mails)
| < Previous | Next > |
Re: [opensuse-factory] disable autologin as default
- From: todd rme <toddrme2178@xxxxxxxxx>
- Date: Wed, 22 Jun 2011 07:30:36 +0200
- Message-id: <BANLkTinb4M-w+Ms-KFpeMme2zf8u3RJ1mg@mail.gmail.com>
On Wed, Jun 22, 2011 at 5:50 AM, Rajko M. <rmatov101@xxxxxxxxxxx> wrote:
Let's be realistic here. Login may not provide as much protection as
an encrypted drive, for instance, but it does provide some protection,
especially against unsophisticated attackers. There are different
levels of attack sophistication and different levels of attacker
skill. Most people don't even know what a livecd is, not to mention
how they can use one to get unauthorized access to a system. Most
attackers are going to focus their efforts on targets that require the
least time and effort, since time and effort increase the risk of
being caught. So is the protection perfect? No. Would it stop any
of us? No. But that doesn't mean that it provides no protection at
all.
-Todd
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx
On Tuesday, June 21, 2011 05:44:13 PM jdd wrote:
I just learned that it's possible to have autologin with passwd
enabled (locked) right after boot, this seems to fix all the problems.
What problems?
You just switched place where login happens, which allows user services to
start, but security is not increased for a bit.
If you leave computer unattended, who will prevent reboot with Live system and
theft of data, installation of malware, and what not? When you come back, you
will see your login and think all is fine :)
Without login you will at least be aware that anyone can use computer and will
not leave it, which is protection from more attack vectors then login alone.
Is it possible to have this as default?
Sure it is :)
Anyone can have on computer anything as default, but, please, don't insist
that false sense of protection is way to go.
--
Regards,
Rajko
Let's be realistic here. Login may not provide as much protection as
an encrypted drive, for instance, but it does provide some protection,
especially against unsophisticated attackers. There are different
levels of attack sophistication and different levels of attacker
skill. Most people don't even know what a livecd is, not to mention
how they can use one to get unauthorized access to a system. Most
attackers are going to focus their efforts on targets that require the
least time and effort, since time and effort increase the risk of
being caught. So is the protection perfect? No. Would it stop any
of us? No. But that doesn't mean that it provides no protection at
all.
-Todd
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx
| < Previous | Next > |