rwho and cousins are a security risk
Authored by: nullchar on Feb 16, '02 03:29:44PM

One must remember, though, that just because the daemon itself doesn't have a vulnerability (or at least one known) doesn't mean that it's generally safe to run the service. You also have to understand what information is being leaked because of the service. For example, with rwhod one can get uptime information but login information as well. So I can get usernames of active people on your machine.

Imagine you have ssh running on your machine. Well, now since I have a username I have half the battle won; I just need to crack your password (if you haven't disabled password auth in ssh, naturally. Easier said than done sometimes, I know, but how many times do you check your OS X machine for failed ssh attempts?). Think if you activate the root account on your OS X machine. Since OS X ships SSH with password authentication on and root logins possible, there's another possibility.

Another example is that uptime can leak information indirectly. For example, if I find out the machine is running Linux and has an uptime of 2+ years, well, I know then you are probably running a 2.0 kernel and can cross-reference vulnerabilities on that kernel architecture. Yes, I know nmap gives me this info anyway ;)

So to recap: if you want to be security aware and run "safe" machines, looking up possible vulnerabilities is only half the solution. Understanding what the services give away is truly important ;)



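An added example, not part of the original comment: one way to do the check for failed ssh attempts that the comment asks about, separating guesses at nonexistent names from failures against real accounts. It assumes the current OpenSSH `sshd` log wording ("Failed password for [invalid user] NAME from ADDR port N"); the sample lines are constructed, and the function names and threshold are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the OpenSSH sshd log style (not from the page).
SAMPLE_LOG = """\
Feb 16 15:01:02 mac sshd[411]: Failed password for invalid user admin from 192.0.2.10 port 40112 ssh2
Feb 16 15:01:05 mac sshd[412]: Failed password for invalid user test from 192.0.2.10 port 40113 ssh2
Feb 16 15:02:11 mac sshd[420]: Failed password for alice from 198.51.100.7 port 51800 ssh2
Feb 16 15:02:14 mac sshd[421]: Failed password for alice from 198.51.100.7 port 51801 ssh2
Feb 16 15:02:19 mac sshd[422]: Failed password for alice from 198.51.100.7 port 51802 ssh2
Feb 16 15:03:40 mac sshd[430]: Failed password for root from 198.51.100.7 port 51810 ssh2
Feb 16 15:04:00 mac sshd[431]: Accepted password for bob from 203.0.113.5 port 60000 ssh2
"""

# Assumed log wording: sshd adds "invalid user" when the account does not exist.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def summarize_failures(log_text):
    """Return {source: {"valid": {user: n}, "invalid": {user: n}}}."""
    out = defaultdict(lambda: {"valid": defaultdict(int), "invalid": defaultdict(int)})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            kind = "invalid" if m.group("invalid") else "valid"
            out[m.group("src")][kind][m.group("user")] += 1
    return out

def targeted_sources(log_text, threshold=3):
    """Sources with >= threshold failures against accounts that exist.

    Failures without the "invalid user" tag mean the guesser already holds a
    real username, which is what a service that lists logged-in users gives away.
    """
    hits = {}
    for src, kinds in summarize_failures(log_text).items():
        if sum(kinds["valid"].values()) >= threshold:
            hits[src] = dict(kinds["valid"])
    return hits

if __name__ == "__main__":
    for src, users in targeted_sources(SAMPLE_LOG).items():
        print(src, users)
```
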