If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.
Announcement
Collapse
No announcement yet.
Why are home system user login names shown on openbenchmarking.org?
Why are home system user login names shown on openbenchmarking.org?
Why are home system user login names shown on openbenchmarking.org under the heading "Testing notes"? It is a security risk for all submitters. If possible, please remove.
Why are home system user login names shown on openbenchmarking.org under the heading "Testing notes"? It is a security risk for all submitters. If possible, please remove.
Thanks in advance!
I'm not sure why you would think knowing the home login name is a security risk when every system out there already has a root user which is the one that hackers want.
I'm not sure why you would think knowing the home login name is a security risk when every system out there already has a root user which is the one that hackers want.
Exposing your IP (if especially if its static) together with kernel version you use, is dangerous. Your user name isn't, you can create a user just for the test and su to it.
You are missing the point. A known user called root already exists on most systems. As it is also pointed out since the IP isn't reported what are the chances of someone finding your machine and then trying to hack a user account instead of the root account which is what they would want.
Knowing a user account name has nothing to do with social engineering. Social engineering would be tricking you into giving your login credentials with password.
Exposing your IP (if especially if its static) together with kernel version you use, is dangerous. Your user name isn't, you can create a user just for the test and su to it.
But why show it in the first place? What benefit is that?
You are missing the point. A known user called root already exists on most systems. As it is also pointed out since the IP isn't reported what are the chances of someone finding your machine and then trying to hack a user account instead of the root account which is what they would want.
Knowing a user account name has nothing to do with social engineering. Social engineering would be tricking you into giving your login credentials with password.
In a multiuser environment one would know who sent the benchmark, who to target. I can think of systems where that would be considered disloyal to the company.
Comment