|
|
rwho and cousins are a security risk
rwho and ruptime can be pretty convenient, but they belong to a class of services that were invented way back when the network was trusted. These days they are considered security risks, so DON'T run the rwhod on any machine that is exposed to traffic from the internet. I don't even run these services within firewalls.
rwho and cousins are a security risk
Being an immature sys admin, I like to try new services on my machines. If at a point I find it caused a security issue, I try to resolve it. I had spoken to another person who had thought that rwhod might be a security risk as well. However, when searching for known issues for this old service, I did find one security hole that was patched almost 4 years ago. If you know of any other security issues that this may cause, please share with me (us).
rwho and cousins are a security risk
No, I don't have a specific vulnerability in mind. And certainly, if you are in learning mode you should experiment all you want.
rwho and cousins are a security risk
One must remember though just because the daemon itself doesn't have a vulnerability ( or at least one known ) doesn't mean that its generally safe to run the service. You also have to understand what information is being leaked because of the service. For example rwhod one can get uptime information but as well login information. So I can get usernames on your machine of active people. |
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:HintsNo new hintsComments last 2 daysLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.08 seconds |
|