> Well, who cares if one of them uses a weak password?

WOW! So, for you, it isn't important if you have a non-legitimate
user who can use your machine as a base for attacking other
machines. And, of course, it isn't important if you have an attacker
in your system with all the time in the world to search for
vulnerabilities in your system. The first step of any attack is
always to get some non-privileged account and later try to get root
privileges from it.

And when you have a large number of users, it means that the attacker
is going to have more than one user's password, so when you detect
the intrusion the only thing you can do is change the passwords of
all the users...

There is a very good book that shows the problem of users with
weak passwords, "The Cuckoo's Egg". It is a novel based on the experience
of Clifford Stoll hunting a hacker at the end of the '80s, but a lot
of things can be applied today (there is also a technical paper, but
the novel is really good and less boring ;)).


