Hello, George.
Approximately 85% of successful hacks ("cracks" for the purists out there) come from people on the inside. Physical security is very important when dealing with servers, but is much harder to implement for workstations.
For example, if I have access to an NT Server, I can switch it off, power it back up, boot it off a DOS diskette, run NTFSDOS and have full access to the file system. Next I strip out the SAM database, since NT is not running, I can get the live version, and then run it through something like L0phtCrack and I will have the current user list and their passwords in no time at all.
On a Linux box, I can walk up to your machine, reboot it, and at the LILO prompt type "linux single". Some of the more lax distributions will not prompt you for a password at all, but simply log you straight on as root with full privileges.
If security is such a big issue, you need to start using some sort of encrypting file system on your hard drive, and IPSec for network traffic. Of course, these are not the only options, I'm sure others on the list will add more. Maybe something as simple as a BIOS password will save you a lot of worries.
IMHO, if your own staff are giving you such trouble, you need to find some new ones. If they work for you, it's time to lay down the law that this sort of behaviour will not be tolerated.
Bye for now,
Stuart.
-----Original Message-----
From: RussianFirm [mailto:russianfirm@yahoo.com]
Sent: Sunday, August 27, 2000 10:38 AM
To: suse-linux-e@suse.com
Subject: [SLE] I don't feel secure with SuSE Linux
Hello, one of our workers complained that someone hacked into his Win 2000 machine, which is double password protected. They got into his email account, and placed his private mail into a text file. I was surprised. I didn't even know it was possible to break into someone's email account. Cookies???
Now I'm concerned. I use SuSE Linux. What stops someone from popping in the SuSE CD, going into rescue mode, deleting my root password, then entering into my computer as root!?! From what I've read on the thread, this does not seem too difficult. And our company has more than a few top-notch Russian programmers.
George
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the FAQ at http://www.suse.com/support/faq
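
An added example, not part of the original thread or either poster's code: a Python check for the LILO prompt weakness described in the reply above. It assumes classic LILO (`password` and `restricted` in `/etc/lilo.conf`) and a sysvinit `/etc/inittab`; the sample configs and function names are constructed for illustration.

```python
# Constructed sample configs for illustration; not taken from the thread.
LILO_WEAK = "prompt\nimage=/boot/vmlinuz\n  label=linux\n  root=/dev/hda2\n"
# password is stored in clear text (keep lilo.conf mode 600); restricted
# means it is asked only when parameters are typed at the boot prompt.
LILO_HARDENED = "password=PLACEHOLDER\nrestricted\n" + LILO_WEAK
INITTAB_WEAK = "id:3:initdefault:\n"
INITTAB_HARDENED = "id:3:initdefault:\n~~:S:wait:/sbin/sulogin\n"

def _strip(line):
    """Drop a trailing # comment and surrounding whitespace."""
    return line.split("#", 1)[0].strip()

def unprotected_images(lilo_text):
    """Labels of boot entries that accept typed parameters without a password."""
    global_pw, images = False, []          # images: [label, has_own_password]
    for line in map(_strip, lilo_text.splitlines()):
        key, _, value = (part.strip() for part in line.partition("="))
        if key in ("image", "other"):      # start of a per-image section
            images.append([value, False])
        elif key == "label" and images:
            images[-1][0] = value
        elif key == "password" and images: # password inside an image section
            images[-1][1] = True
        elif key == "password":            # password in the global section
            global_pw = True
    return [label for label, own_pw in images if not (own_pw or global_pw)]

def single_user_asks_password(inittab_text):
    """True if a runlevel-S entry runs sulogin (root password before the shell)."""
    for line in map(_strip, inittab_text.splitlines()):
        fields = line.split(":", 3)        # id:runlevels:action:process
        if len(fields) == 4 and "S" in fields[1].upper() and "sulogin" in fields[3]:
            return True
    return False

def audit(lilo_text, inittab_text):
    """Collect findings for both boot-time checks."""
    findings = [f"lilo: '{label}' boots with typed parameters and no password"
                for label in unprotected_images(lilo_text)]
    if not single_user_asks_password(inittab_text):
        findings.append("inittab: single-user mode does not run sulogin")
    return findings

if __name__ == "__main__":
    for finding in audit(LILO_WEAK, INITTAB_WEAK):
        print(finding)
```

Neither setting helps if the machine can be booted from removable media, which is where the BIOS password and encrypting file system mentioned in the reply come in.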