Announcement

Collapse
No announcement yet.

Why are home system user login names shown on openbenchmarking.org?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Why are home system user login names shown on openbenchmarking.org?

    Why are home system user login names shown on openbenchmarking.org under the heading "Testing notes"? It is a security risk for all submitters. If possible, please remove.

    Thanks in advance!

  • #2
    Originally posted by sabriah View Post
    Why are home system user login names shown on openbenchmarking.org under the heading "Testing notes"? It is a security risk for all submitters. If possible, please remove.

    Thanks in advance!
    I'm not sure why you would think knowing the home login name is a security risk when every system out there already has a root user which is the one that hackers want.

    Comment


    • #3
      Originally posted by deanjo View Post
      I'm not sure why you would think knowing the home login name is a security risk when every system out there already has a root user which is the one that hackers want.
      http://en.wikipedia.org/wiki/Social_...%28security%29

      Comment


      • #4
        Exposing your IP (if especially if its static) together with kernel version you use, is dangerous. Your user name isn't, you can create a user just for the test and su to it.

        Comment


        • #5
          You are missing the point. A known user called root already exists on most systems. As it is also pointed out since the IP isn't reported what are the chances of someone finding your machine and then trying to hack a user account instead of the root account which is what they would want.

          Knowing a user account name has nothing to do with social engineering. Social engineering would be tricking you into giving your login credentials with password.

          Comment


          • #6
            Originally posted by crazycheese View Post
            Exposing your IP (if especially if its static) together with kernel version you use, is dangerous. Your user name isn't, you can create a user just for the test and su to it.
            But why show it in the first place? What benefit is that?

            Comment


            • #7
              Originally posted by sabriah View Post
              But why show it in the first place? What benefit is that?
              Different user accounts may have different preferences that may effect the results.

              Comment


              • #8
                Originally posted by deanjo View Post
                You are missing the point. A known user called root already exists on most systems. As it is also pointed out since the IP isn't reported what are the chances of someone finding your machine and then trying to hack a user account instead of the root account which is what they would want.

                Knowing a user account name has nothing to do with social engineering. Social engineering would be tricking you into giving your login credentials with password.
                In a multiuser environment one would know who sent the benchmark, who to target. I can think of systems where that would be considered disloyal to the company.

                Comment


                • #9
                  Originally posted by deanjo View Post
                  Different user accounts may have different preferences that may effect the results.
                  See my reply in the parallel.

                  Comment


                  • #10
                    Usually every IRC chat exposes your username by default too. Best don't use internet

                    Comment

                    Working...
                    X