[mdlug] [WLUG] SuSE root breakin help needed
Peter Bart
peter at petertheplumber.net
Tue May 27 13:09:54 EDT 2008
On Tue, 27 May 2008 00:20:51 -0400 (EDT)
Robert Meier <list1c30fe42 at bellsouth.net> wrote:
> Jay, Robert, Al, Jeff, Peter,
>
> As amply demonstrated on this thread,
> login passwords are little protection
> against an attacker with physical access,
> but are a major waste of time to a servicer.
Agreed!
>
> Consider writing the root password on an index card,
> putting it in a sealed envelope,
> and putting the sealed envelope inside the case.
Sorry, that's like the old magnetic key safes for car keys. I
don't do that anymore, it's to much of an invitation.
>
> If the computer is stolen,
> you save the attacker some time recovering unencrypted data,
> but arranging the theft probably took longer.
The theft might be spur of the moment. Some of my customers
still are getting hit by these well dressed bandits that simply walk in
and take unattended equipment. I get the impression these thiefs go
cruise busy office buildings every day and take what they can when they
can.
>
> If the computer needs service,
> you save the supporter much time,
> likely more than the actual service operation.
A little foresight and no problems here. Both from the customer and
the vendor. I usually change the passwords and include a sticky note
with them on it in the package.
>
> From a financial supply house,
> you can get "secure bags" that provide varying degrees
> of difficulty to open, and varying degrees of difficulty
> resealing without detection.
>
> Hopefully helpful,
There is no substitute for physical security.
Best Regards,
--
Peter The Plumber sm on the Road
State Licensed Plumber
More information about the mdlug
mailing list