[[http://diggdot.us|diggdot.us]], Ubuntu Breezy has a
and critical bug that allows the first user registered password to be
found by any user by reading the file
/var/log/installer/cdebconf/questions.dat, which is world-readable. The
problem does not affect the Dapper version.
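A defensive check for the condition described above, added here as an example (it is not from the original post or from Ubuntu): it lists files under the installer log directory that are world-readable and can strip access for other users. The function names are hypothetical, and removing the "other" permission bits is an assumed mitigation, not the fix shipped by Ubuntu.

```shell
#!/bin/sh
# Added example: audit the installer log tree for world-readable files.
# The default directory is the one named in the post; pass another path
# as the first argument to check a different tree.

# Print every regular file under $1 that has the "other read" bit set.
list_world_readable() {
    dir=${1:-/var/log/installer}
    # A missing directory means there is nothing to report.
    [ -d "$dir" ] || return 0
    find "$dir" -type f -perm -004 -print 2>/dev/null | sort
}

# Remove all "other" permissions from those files (assumed mitigation).
# Needs to run as the owner of the files or as root.
restrict_world_readable() {
    dir=${1:-/var/log/installer}
    [ -d "$dir" ] || return 0
    find "$dir" -type f -perm -004 -exec chmod o-rwx {} +
}

# Report only; nothing is changed unless restrict_world_readable is called.
list_world_readable "${1:-/var/log/installer}"
```

If the listing includes cdebconf/questions.dat, treat the password of the first registered user as exposed and change it after tightening the permissions.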
This means admins
running Breezy will have some headaches the next couple of weeks. If you
can upload a php/perl/etc file to the server you can read the password out
of /var/log with fopen() and that means you’re done in many scenarios.
Word of advice: don’t do something stupid. If you like security or even
if you don’t, a note on your police file won’t help your
I’ve been using Ubuntu on my laptop for some time now
and must say it never let me down. The guys did a great job. It’s a good
install-and-go/Just Works distro and that’s what I need right now.
Flawless package management, on-the-fly Gnome desktop, OpenOffice, Flash,
Evolution 2.5.x, etc.. I don’t see this bug affecting the popularity of
Ubuntu but then again we all know that critical servers are not their
* [[http://www.ubuntuforums.org/showthread.php?t=143334|Follow thread on
**Note to self:** Subtract 4 days and you get
the day [[http://www.google.com|Google]] acquired
pointed out, we’ve got ourselves another winner in the Web 2.0