root mode: heresia? ... and more largely security

Non release banter
markds
Legendary
Legendary
Posts: 43
Joined: 28 Dec 2012, 02:58
Distribution: Slackware
Location: Singapore

Re: root mode: heresia? ... and more largely security

Post#61 by markds » 31 Jan 2016, 12:43

My sources? 25 years of experience, collaborations, discussion and actually doing the job people just talk about. Nothing of what I have said can't be verified or is not backed up by tonnes practical situations and actual exploits which anyone who is half interested can search for on Google. Try these key words

privilege escalation
XSS+ MySQL
exploit database
CVE
unix services

Find me one link that says "my machine and network was hacked because I logged into my Linux as root".

In any case Aus9, it's all good. As I alluded to, this is the exact reason I left all forums, from Backtrack to Slax. Same story all the time. Francois pm me and asked me to look at this topic and give my 2 cents worth. I have done so.

I wish everyone enjoys the experience of learning through forums. Hopefully the people who know what they are talking about are the ones contributing.

aus9 wrote:guys

francois has changed the thread subject but normal protocols still apply. If you are going to debate someone please cite known references and altho I am guilty of this myself try and not look you are questioning the other person....meaning showing disrespect.

healthy debate is good.....rather than say something is the case or something you said is not the case how about citing some references?

I think francois from day one, has been asking the question is it safe to login as root. He has a number of replies some for and some against.

Lets try and clean up the main theme and I will send anyone who is naughty to the naughty corner. I have been there its a lonely place

OK?

offtopic ask 2 doctor gurus what is wrong with me?
Dr 1 there is nothing wrong with me
Dr 2 everything

So without good links what do I do? We need to educate our members and take them on a journey....spoon feeding is allowed sometimes

User avatar
brokenman
Site Admin
Site Admin
Posts: 5503
Joined: 27 Dec 2010, 03:50
Distribution: Porteus v3.2rcX all desktops
Location: Brazil
Contact:

Re: root mode: heresia? ... and more largely security

Post#62 by brokenman » 31 Jan 2016, 15:59

So there you have it. Security is quite a vague term and always starts debate. Log in as root if you know the risks. What I took from this is that you can easily cause havoc with an incorrect command (as root) but you are really only saving yourself from yourself. Half the services on your machine are running as root and if these services are breached, whoever breaches them also has that same access. Start by securing the front door (your network) and then keep your system up to date to minimize attack vectors. Remember that most of the good exploits are not known to the general public until some time after they are popularized. Wireless networks are fair game so use a good password. Just by pressing a button, an attacker can bump you off, forcing re-authentication, at which point they can sniff the handshake which will give them information to proceed.

Oh, and if you piss off the wrong person and become prey. Best unplug.

Thanks for dropping by and imparting your experience Markds. Much appreciated. I would say the door is always open for you, but somehow I think it wouldn't matter if we locked it. :wink:
How do i become super user?
Wear your underpants on the outside and put on a cape.

User avatar
phhpro
Full of knowledge
Full of knowledge
Posts: 545
Joined: 10 Nov 2013, 20:35
Distribution: .

Re: root mode: heresia? ... and more largely security

Post#63 by phhpro » 31 Jan 2016, 22:06

...
Last edited by phhpro on 04 Feb 2016, 03:32, edited 1 time in total.

markds
Legendary
Legendary
Posts: 43
Joined: 28 Dec 2012, 02:58
Distribution: Slackware
Location: Singapore

Re: root mode: heresia? ... and more largely security

Post#64 by markds » 31 Jan 2016, 23:36

Keep talking pal, just digging that hole of yours all the much bigger.

Aus9, no personal attacks huh?

markds
Legendary
Legendary
Posts: 43
Joined: 28 Dec 2012, 02:58
Distribution: Slackware
Location: Singapore

Re: root mode: heresia? ... and more largely security

Post#65 by markds » 31 Jan 2016, 23:40

Thanks Jay, it has been fun - most of it. But I'll stay in private mode, pm me if needed for the project.

brokenman wrote:So there you have it. Security is quite a vague term and always starts debate. Log in as root if you know the risks. What I took from this is that you can easily cause havoc with an incorrect command (as root) but you are really only saving yourself from yourself. Half the services on your machine are running as root and if these services are breached, whoever breaches them also has that same access. Start by securing the front door (your network) and then keep your system up to date to minimize attack vectors. Remember that most of the good exploits are not known to the general public until some time after they are popularized. Wireless networks are fair game so use a good password. Just by pressing a button, an attacker can bump you off, forcing re-authentication, at which point they can sniff the handshake which will give them information to proceed.

Oh, and if you piss off the wrong person and become prey. Best unplug.

Thanks for dropping by and imparting your experience Markds. Much appreciated. I would say the door is always open for you, but somehow I think it wouldn't matter if we locked it. :wink:

Post Reply