This is about security.
I recently got referred to the Pwn2Own contest results. Very interesting stuff. It’s been run for 3 years now; Mac went down first every time, Windows 2nd. Ubuntu is the Linux distro used, and it hasn’t gone down at all. BUT, the pwners and the Pwn2Own organizers have publicly stated that nobody is even trying to pwn the Ubuntu machine! They say the Mac machine goes down first because that gets rep. The Windows machine goes down next because ppl can do it, but the top hackers aren’t using their hacks there, since they say the hacks are worth more money than the contest is paying ($5 or $10K)! All very interesting stuff, along with the Brit hacker getting past SOHO router hardware firewalls, reported in the Register recently.
Got me thinking about security again. I decided it might be a wiser choice to set up my root account like Ubuntu’s default, and rely on sudo. Since all my machines are more desktops than servers, this makes sense to me as a security measure.
This seems like a good topic for flamebait, but I’d like to hear opinions on some of the pros and cons of the idea. And there are some obvious questions: how will YaST2 act (GUI root pw request)? And, if the root account pw is disabled, you can’t use gksu (gnomesu), and you’d have to get gksudo installed somehow.
My thinking goes back to old training as a network admin: you never, ever enable the “Admin” account, since everybody knows that user-name. Root is the same way. So if somebody can get to my open ports thru my router, I’m concerned! [On the flip side, it should be noted that in Pwn2Own, nobody could get into ANY of the boxes this way, with all ports on install default. Not Mac, not Vista, not 7, not Ubuntu. But I also know Ubuntu default sets iptables to Deny, so nothing is really “open”. My user setup has more open than that. Hackers had either 4 hours or the full day to try that way. It appeared to me that all the hax got in thru JavaScript or Flash, and once in, pwned. So they had to have a URL, or an email (which had to be opened) to get in.]
Long post, but interesting stuff - to me. Your thots? Corrections? Rants?