On 03/02/2015 05:16 PM, Mike Chambers wrote:
Hey all,

Obviously when installing F22 now, you have that new password security level to make you jump through hoops to set a password during install. I understand the reasoning for "secure" passwords, but there is one catch.
What will happen is that a single (or small subset) of passwords will be used for root during install (Fedora_Project works fine, you don't have to add the 123 at the end). User ID setup will be done with admin rights and no password required. Then after install is complete, passwd would be used to set up a 'regular' password for root and the user.
Meanwhile the system is on the net with a known root password and maybe a knowable user ID for N minutes with SSH up and running and open. What is the exposure?
Besides SSH, what other attack vector exists until the passwords are reset?
*I* am the admin at my household, and *I* am the admin at my company (scenario speaking), and *I* set how secure I want passwords set at those locations, not *you*. I will determine how tough I want my systems, I don't need any hand holding, nor help.

And in reality, we don't have a lot of kids, grandmas, grandpas, careless operators, typical Windows users using these systems as normal everyday workstations like Windows users, so they aren't going to experience the same issues. Linux is not like Windows, it doesn't have the same type system, so the same type things won't hurt it. Most stuff that will get hurt, stolen from, hacked, whatever, is online stuff such as banks, credit card stuff, etc.

In other words, give us the tools to help get people in the right direction, but don't try to turn the wrench as well. That's up to us to get it how tight we want. Whether it falls apart or not, is on us.

Besides that, I changed that crap back to what I wanted in the first place after the install. So your security was breached off the bat.

Please get rid of it and set it back to like before.

Thanks and have a good day,
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test