Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15

Thread: Does the root password need to be set on OSX?

  1. #11
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hmmm,

    What if they crack the safe?
    Once again, that is the balance between physical and electronic security? They would still need to get into the computer room and know how to operate the box. Also the security compromise would be pretty obvious.

    One last thing nihil - weren't there some missiles whose launch codes were 0000 or something?
    Yes, actually this is not surprising or scary. You are talking about battlefield/tactical weapons and those dropped from aircraft. You are already at defcon 1 in that situation.


  2. #12
    Senior Member
    Join Date
    Jul 2004
    Posts
    548
    Originally posted here by nihil

    Once again, that is the balance between physical and electronic security? They would still need to get into the computer room and know how to operate the box. Also the security compromise would be pretty obvious.
    I know - I was just kidding . They'd have to break into the place first anyway

    Yes, actually this is not surprising or scary. You are talking about battlefield/tactical weapons and those dropped from aircraft. You are already at defcon 1 in that situation.
    Ah ok - I thought they were ground-launched ones.

  3. #13
    Junior Member
    Join Date
    Oct 2004
    Posts
    6

    Cool Root User Disabled by Default in OSX

    Just to set the record straight.

    The Root user account in OSX is disabled by default. To do anything as Root, you either need to enable the Root account (not recommended) or use the SUDO command to allow an Admin privileged user to perform Root functions.

    Whenever an OSX machine is first setup, the initial user is an Admin account and NOT Root. This is a much safer configuration. Of course there are always additional areas to improve with OSX security such as enabling secure memory mode in the Security preference pane and enabling a password protected screensaver. Oh, yes, use a strong password and don't write it down.

    --Old School is New School--

  4. #14
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    I keep seeing a theme in AO threads by new(er) members. The trend is that most people believe that password cracking is a rampant problem (and must be defended against at all costs), when in reality, it is not. There are soooo many easier ways to compromise and steal these days. Who needs to crack passwords?

    Just like street level criminals, cybercriminals (yep, another coined phrase) are looking for targets of opportunity. They will always gravitate towards the easiest targets unless there is a very specific motive for targeting your host, i.e., there is something unique on there that has tremendous value to the said cybersleeze.

    Also remember that most home users don't have many things worth the effort of grinding passwords remotely (very noisy process). And, if a bad guy does get physical access you're pwned - period. No need to crack a damn thing so password complexity is useless in this case.

    Anyway, just a thought completely off topic but sparked by several comments in this thread. Now, back to your regularly scheduled program.



    --Th13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  5. #15
    Senior Member
    Join Date
    Nov 2005
    Posts
    115
    Originally posted here by thehorse13
    I keep seeing a theme in AO threads by new(er) members. The trend is that most people believe that password cracking is a rampant problem (and must be defended against at all costs), when in reality, it is not. There are soooo many easier ways to compromise and steal these days. Who needs to crack passwords?
    I agree TH13.

    There are many techs (myself included) who are paranoid about their personal systems security... and while it may not be needed at this minor level, I think its a healthy thing to desire the most secure personal configuration... Its about developing good habits.

    EG: A dentist didn't brush his own teeth... would you listen to him when he told you to brush? Would you even really want him working on your teeth?

    Al

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •