Re: Debian Live CD - unsecured ssh open by default

To: debian-security@lists.debian.org
Subject: Re: Debian Live CD - unsecured ssh open by default
From: Ста Деюс <sthu.deus@openmailbox.org>
Date: Sat, 21 Feb 2015 18:18:00 +0700
Message-id: <[🔎] 20150221181800.2c24b5d6@STNset>
In-reply-to: <[🔎] 54CD6ED6.8030006@complete.org>
References: <[🔎] 54CD6ED6.8030006@complete.org>

В Sat, 31 Jan 2015 18:09:58 -0600
John Goerzen <jgoerzen@complete.org> пишет:

> A friend of mine pointed out to me recently that the Debian Live CD
> has ssh open to the network by default, and the "user" account --
> which has passwordless sudo to root privileges -- has a password that
> is well-known and easily found via Google.  This poses some nasty
> surprises for people that might be using it to repair systems on
> their LAN, and even worse surprises for people that might install the
> Live CD image to their system.
> 
> I have seen a few mentions of this online, but it doesn't seem that
> people are thinking of it as a security risk.  What is the best way to
> get this fixed?

No way, until distros be protected non-capitalists countries.

Sthu.

Reply to:

References:
- Debian Live CD - unsecured ssh open by default
  - From: John Goerzen <jgoerzen@complete.org>

Prev by Date: Re: Should we be alarmed at our state of security support?
Next by Date: Re: Should we be alarmed at our state of security support?
Previous by thread: Re: Debian Live CD - unsecured ssh open by default
Next by thread: Re: [SECURITY] [DSA 3148-1] chromium-browser end of life
Index(es):
- Date
- Thread