SECURITY NOTES
NetworkManager is a pain but Wicd stores passwords in plain text. You need root but anyone with physical access to your Pi's SD card can get every password to every WiFi hotspot you've ever connected to. Affects original 9-11 (aka R1) version and Murdock Edition (which I'm still running on my 32-bit Pi2, by the way.) R2, R3 and 64-bit versions don't use Wicd.
All versions before R3 have an Apache server which is best run without a GUI using Alpha2. Unless you're doing web development with Bluefish you probably don't need it.
I mentioned purging tiger in an old blog post but forgot about fcheck which also needs to go. Those were really for my own attack vector research... Don't surf on your server. ;)
Lastly, Raspbian's default user "pi" has been exploited by script kiddies which is why I'm using Raz Berry as my new admin account. After creating a new account add it to the adm and sudo groups, you can then safely delete user pi. You'll lose my super slick default desktop settings but oh well... sigh.
No comments:
Post a Comment