Hi, all
Little warning for yer...

At the weekend I did a new (experimental) install of RH9.
Now I thought, as I do almost all my work with Finnish keyboard, it'd be 'kewl' (bleagh!) to use some of our umlauted letters, e.g, ö,ä, and å. Doubt if many crackers and pond-life's would think to try those out. Plus, dramatically increases the search time of 'John the Ripper' and other crakz toolz

Now, the 'Password' phase of Red Hat installation accepted it as my root password OK.

But the login (runlevel 3) did NOT!

Yet, I can set them up in a user's password (from commandline, not the 'firstboot*') and everything's fine.

Odd.

* Firstboot. If setting up a machine without X, for gawd's sake don't load this! 1 megabyte for a program that's used once? Not quite--it pulls in metacity, which pulls in xsri, which pulls in Xfree86libs...96 megabytes total - for something to be used once??? Go figure.

Further warning - don't try to use a Samba link on a Windows machine to change your password. It completely stuffs it and you'll need to log in as root (unless you're daft enough to change the root password over samba in which case you need to boot in single user mode).

There are a few other things, but in general, don't mess with passwords and if you change the root password, open another console and "su" to root to make sure it works. If you close the console. it can be VERY hard to get it back. Linux is not designed to be exploitable.

Of course, with a Windows machine, lose your password and exploit a hole to get it back.

James

---- Of course, with a Windows machine, lose your password and exploit a hole to get it back. ----

or just click cancel to get to the desktop in 95, 98 and ME..

of course it's SO much harder in XP - boot to safe mode and log in as admin (which obviously has NO password) and change any password on hte system..

gotta love that windows security

windows security=BOOYA!

My PC's got an admin password...

Oh hell. I gotta post. My fingers are itchy (well, my LEFT hand is - the right is wrapped up!!!).

I finally trusted myself enough to crack my machine in work. A lovely NT4 box. Well, the first went south. Ten minutes to boot? Screw that. I ran clrdrv on it and they ditched that Hard Drice (wish I'd been hanging around the bins THAT day - the didn't even check it!!!).

Second machine - the current one - well, IE and the Display panels are "restricted". Yeah, and? Change a couple of registry settings (who cares if I can run RegEdit or not? I can just write the links and run them anyway). I'm, in.

My machine is MY MACHINE.

With "security" like this, it's no wonder that Microsoft must resort to TOC-type accusations of the open-source community.

The day Windows gets installed on the hard drive will be the day I smoke dope.

James

Originally posted by Satanic Atheist
The day Windows gets installed on the hard drive will be the day I smoke dope.

James

Well guess what you cracka, Windows is on a lot of harddrives right now. Better start puffin that magic dragon :P

(hehe)

But serious, if you change the admin password on XP, its harder to get in.

It's very hard to lock down any workstation if the person your trying to keep out has local access, I have a boot disk that will reset the Administrator password on any NT based Windows computer. You would have to go to great lengths to lock down any local workstation, hacking a computer sitting in front of you isn't big or clever, my only concern is someone trying to gain access remotely. That's when the Administrator password is obviously needed or people will have full access to your computer. It's amazing the amount of people online who don't have an Admin password, probably because they installed the OS themselves and thought they knew what they were doing...

Anyone that thinks a workstation is secure, but still allows booting from Floppies/CDroms should consider a career in Cheese Sales.

Disable Booting from anything but the HD, Password Protect the BIOS, and secure the Case.
Now at least they have to work for it.

Dave

To get into winXP... take a windows 2000 cd, boot from it, use the recovery console and your on as a unrestricted user! No password.