Ron Arts wrote:
> Even though the root password was strong?
>
> Ron

In the wild? Yep. Although indirectly. What happened was someone got a hold of a backup and restored the / partition to a system for which they owned root, then did a password crack against the /etc/shadow file. They apparently got the backup through compromising a user account, then finding a file that had a backup stored in an insecure directory.

Doing pen testing, I have found directories on systems where the average user could find files of cracked passwords (including root) that internal security people had created while testing password strength, and I have found previous pen test reports that disclosed cracked root passwords that were still the same password a year or more later. Worse, I have found NIS, NIS+, and LDAP directory services that contain a root password common to all systems.

If you can crack ANY account on a system, you can probably get to root sooner rather than later.

When doing pen testing or ethical hacking, it is rare that I cannot recover the root password hashes; then it is just a matter of time until I own root. Worse, it is all too often that I am able to grab root passwords sent over the network in clear text using telnet, ftp, ad nauseam. (See the DSniff tool kit, for example.)

Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253