| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: full-disclosure at ols.inorganic.org (Roy S. Rapoport) Subject: Networking security problem? On Fri, Jul 11, 2003 at 10:56:26AM +1000, gregh wrote: > Am I being pedantic here? To my mind, if a password is required to use > the machine locally, it should automatically require the network > connection to be broken. XP goes back to the Welcome screen depending on > your settings or the NT looking username and password box you would all > know. I find it totally mystifying that a machine that is "protected" at > keyboard level by a password so people cant get into it and look up > sensitive info can still be gotten into at least by the local LAN and > info STILL gained. The problem here is if a disgruntled employee went > postal and knew this info, he/she could do what they want. I understand > the programs and data could be protected in other ways but it also hit me > that there must be quite a few small to medium companies living in a > delirious limbo like this, too. > > Any comments? Am I just pedantic or is this really a headbanger? Here's a nickel, kid. Go buy yourself a real OS. Network accessibility and managing network access to sensitive resources has little -- I'm sorry, *no* -- relation to keyboard & monitor access. My main server at home (on which I'm writing this right now!) is screenlocked. If it was not network-accessible while it was screenlocked, I'd be SOL. I was playing with screenlocked UNIX systems thirteen years ago; said systems were perfectly accessible via the net. This is a feature, not a bug. -roy
Powered by blists - more mailing lists