[clug] Drive-By Pharming Attack Could Hit Home Networks
Kim Holburn
kim.holburn at gmail.com
Thu Feb 22 17:19:24 GMT 2007
On 2007/Feb/22, at 11:46 AM, Sam Couter wrote:
> Kim Holburn <kim.holburn at gmail.com> wrote:
>> I like the idea of a password based on mac address or serial number.
>> It has some inherent security compared with a default password.
>
> The MAC address is broadcast with every packet. No good basing secrets
> on that.
If wireless is not active until the password is changed then it is
not an issue. The MAC address is only broadcast on the local subnet.
>
>> Surely it could be done as a script? The system wakes up after a
>> reset to default and says to itself - "No password - create a new one
>> from the serial number with this script. There, that's better. Now
>> I'll allow wireless to be activated." Then all copies of the OS
>> could be the same.
>
> Where does it get the serial number from if all the images are
> identical?
Like I said: a start-up script that looked at the admin password on
start-up and, if it was the default, changed it to the MAC address.
Kim
--
Kim Holburn
IT Network & Security Consultant
Ph: +39 06 855 4294 M: +39 3342707610
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
Democracy imposed from without is the severest form of tyranny.
-- Lloyd Biggle, Jr. Analog, Apr 1961
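The start-up check described in this message, sketched as an added example that is not part of the original post or any vendor's firmware. It assumes a hypothetical state directory with one-line files `mac`, `admin_password` and `wireless_allowed`, a factory default of `admin`, and reads the reply as keeping wireless off until the owner replaces the MAC-derived password.

```shell
#!/bin/sh
# Added example. The state directory layout, file names and the factory
# default "admin" are hypothetical stand-ins for a router's config store.
DEFAULT_PASSWORD="admin"

# Reduce a MAC address to 12 lowercase hex digits; fail if it is malformed.
normalise_mac() {
    mac=$(printf '%s' "$1" | tr -d ':.-' | tr 'A-F' 'a-f')
    case "$mac" in ''|*[!0-9a-f]*) return 1 ;; esac
    [ "${#mac}" -eq 12 ] || return 1
    printf '%s\n' "$mac"
}

# first_boot_check DIR: DIR holds the files mac, admin_password and
# wireless_allowed. Prints the state: derived, still-derived or owner-set.
first_boot_check() {
    dir=$1
    derived=$(normalise_mac "$(cat "$dir/mac" 2>/dev/null)") || {
        echo no > "$dir/wireless_allowed"    # fail closed: no usable MAC
        return 1
    }
    current=$(cat "$dir/admin_password" 2>/dev/null) || current=""
    if [ -z "$current" ] || [ "$current" = "$DEFAULT_PASSWORD" ]; then
        # Factory default found: replace it and keep the radio off.
        printf '%s\n' "$derived" > "$dir/admin_password"
        echo no > "$dir/wireless_allowed"
        echo derived
    elif [ "$current" = "$derived" ]; then
        # The MAC is visible on the local subnet, so the radio stays off.
        echo no > "$dir/wireless_allowed"
        echo still-derived
    else
        # The owner has chosen a password: wireless may be activated.
        echo yes > "$dir/wireless_allowed"
        echo owner-set
    fi
}

# Constructed demo: one device walked through all three states.
demo=$(mktemp -d)
echo "00:1A:2B:3C:4D:5E" > "$demo/mac"
echo "admin" > "$demo/admin_password"
first_boot_check "$demo"
first_boot_check "$demo"
echo "chosen-by-owner" > "$demo/admin_password"
first_boot_check "$demo"
rm -rf "$demo"
```

Because every image runs the same check and reads the identifier from the device at boot, the images can stay identical while the resulting passwords differ per unit.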