Replies

Since this is a privilege escalation attack, it can only be used by a user who already has a login, right? It is basically an internal threat from someone who is already valid on the server.

For Android users, it may be more of a problem. There was a sidebar article which pointed out that one-third of Android users don't bother with a passcode on their phones which would mean that if their phone were stolen, root would be accessible. But of course, with no passcode, everything would be open anyway. These are probably people who don't bother with passwords on their computers either, though.

Then on a shared computer system, anyone with a passcode could be a threat.

8 posted on 01/20/2016 6:51:20 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue....)

I am talking about a genuine Linux server. Mine has two accounts, and I am the only one who knows the passwords. It’s an Ubuntu server, so there is no root account.

9 posted on 01/20/2016 6:54:27 PM PST by proxy_user

My phone is a phone. I do no banking or any of that stuff on it.

That said, I do access my email on it, so those passwords are vulnerable. So I should probably be a little more security oriented in that regard.

15 posted on 01/20/2016 7:19:20 PM PST by ChildOfThe60s (If you can remember the 60s, you weren't really there....)

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794