http://trilema.com/2013/the-hole-in-whm/ Moving targets for a fast crowd. Fri, 15 May 2026 15:53:40 +0000 http://polimedia.us hourly 1 http://trilema.com/2013/the-hole-in-whm/#comment-95253 BingoBoingo Thu, 26 Sep 2013 20:13:54 +0000 http://trilema.com/?p=49577#comment-95253 I'd venture sloth is second only to social engineering as a source of easy security exploits. Seems like a lower risk activity than rubber hose cryptanalysis by any stretch. I'd venture sloth is second only to social engineering as a source of easy security exploits. Seems like a lower risk activity than rubber hose cryptanalysis by any stretch.

]]> http://trilema.com/2013/the-hole-in-whm/#comment-95252 Mircea Popescu Thu, 26 Sep 2013 20:10:07 +0000 http://trilema.com/?p=49577#comment-95252 PS. A reader points out to me that while the foregoing is correct, scripts/passwdlist (ie, "Password Modification") does correctly specify a post method to be used in its password update form (but not, I would like to add, in the select users form on the same page). Nevertheless, until someone actually writes good software it's a good idea to make sure you always reset your cpanel passwords at least once, and ideally immediately after creating an account. PS. A reader points out to me that while the foregoing is correct, scripts/passwdlist (ie, "Password Modification") does correctly specify a post method to be used in its password update form (but not, I would like to add, in the select users form on the same page). Nevertheless, until someone actually writes good software it's a good idea to make sure you always reset your cpanel passwords at least once, and ideally immediately after creating an account.

]]>