Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Why are home system user login names shown on openbenchmarking.org?

  1. #1
    Join Date
    Aug 2007
    Location
    Europe
    Posts
    401

    Default Why are home system user login names shown on openbenchmarking.org?

    Why are home system user login names shown on openbenchmarking.org under the heading "Testing notes"? It is a security risk for all submitters. If possible, please remove.

    Thanks in advance!

  2. #2
    Join Date
    May 2007
    Location
    Third Rock from the Sun
    Posts
    6,582

    Default

    Quote Originally Posted by sabriah View Post
    Why are home system user login names shown on openbenchmarking.org under the heading "Testing notes"? It is a security risk for all submitters. If possible, please remove.

    Thanks in advance!
    I'm not sure why you would think knowing the home login name is a security risk when every system out there already has a root user which is the one that hackers want.

  3. #3
    Join Date
    Aug 2007
    Location
    Europe
    Posts
    401

    Default

    Quote Originally Posted by deanjo View Post
    I'm not sure why you would think knowing the home login name is a security risk when every system out there already has a root user which is the one that hackers want.
    http://en.wikipedia.org/wiki/Social_...%28security%29

  4. #4
    Join Date
    Apr 2010
    Posts
    1,946

    Default

    Exposing your IP (if especially if its static) together with kernel version you use, is dangerous. Your user name isn't, you can create a user just for the test and su to it.

  5. #5
    Join Date
    May 2007
    Location
    Third Rock from the Sun
    Posts
    6,582

    Default

    You are missing the point. A known user called root already exists on most systems. As it is also pointed out since the IP isn't reported what are the chances of someone finding your machine and then trying to hack a user account instead of the root account which is what they would want.

    Knowing a user account name has nothing to do with social engineering. Social engineering would be tricking you into giving your login credentials with password.

  6. #6
    Join Date
    Aug 2007
    Location
    Europe
    Posts
    401

    Default

    Quote Originally Posted by crazycheese View Post
    Exposing your IP (if especially if its static) together with kernel version you use, is dangerous. Your user name isn't, you can create a user just for the test and su to it.
    But why show it in the first place? What benefit is that?

  7. #7
    Join Date
    May 2007
    Location
    Third Rock from the Sun
    Posts
    6,582

    Default

    Quote Originally Posted by sabriah View Post
    But why show it in the first place? What benefit is that?
    Different user accounts may have different preferences that may effect the results.

  8. #8
    Join Date
    Aug 2007
    Location
    Europe
    Posts
    401

    Default

    Quote Originally Posted by deanjo View Post
    You are missing the point. A known user called root already exists on most systems. As it is also pointed out since the IP isn't reported what are the chances of someone finding your machine and then trying to hack a user account instead of the root account which is what they would want.

    Knowing a user account name has nothing to do with social engineering. Social engineering would be tricking you into giving your login credentials with password.
    In a multiuser environment one would know who sent the benchmark, who to target. I can think of systems where that would be considered disloyal to the company.

  9. #9
    Join Date
    Aug 2007
    Location
    Europe
    Posts
    401

    Default

    Quote Originally Posted by deanjo View Post
    Different user accounts may have different preferences that may effect the results.
    See my reply in the parallel.

  10. #10
    Join Date
    Aug 2007
    Posts
    6,607

    Default

    Usually every IRC chat exposes your username by default too. Best don't use internet

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •