From: pwicks at oxygen.com (James Patterson Wicks)
Subject: (no subject)

"The moral is obvious. You can't trust code that you did not totally
create yourself."
This is why the enterprise chose to deprecate all of the Unix servers
except for external DNS (and Legato backup, but we cannot control that).

It's surprising how much flak my post is generating.  If you have good
change control management in place, you lessen the likelihood of some
pissed-off admin planting time bombs in your system.  There is no 100%
solution to clearing off an admin from an enterprise, but having scripts
change passwords across the enterprise is a whole lot easier than
having all of the admins running around changing passwords when the CTO
calls someone in the office for "The Talk."

The networking issue is a much bigger problem which we are still trying
to tackle.  The way we handle it now is simple . . .  Pay your network
team a lot of money, leave them alone, but make sure you stay current on
the information security laws.

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
gadgeteer@...gantinnovations.org
Sent: Friday, February 13, 2004 1:45 AM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] Re: Removing FIred admins

On Fri, Feb 13, 2004 at 12:29:25AM -0500, James Patterson Wicks
(pwicks@...gen.com) wrote:
> "The Button"

Impressive.  Uppercase letters to start off each word.  Quotes to set
it apart from the rest of the sentence it appears in.


> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Cael Abal
>   Imagine every sneaky thing a cracker
> could do -- subvert your IDS, implement Ken Thompson-esque
> login/compiler bugs, etc... And then consider that they might've
> happened any time in the past few years and have by now completely
> infiltrated your backup media.

Maybe it is the length of this comma separated value listing that caused
your eyes to glaze over.  Let us examine one of these items.  For the 
sake of history (which so many seem to scorn), for its elegance, and 
to honor the inventor of the original UNIX kernel...

http://www.acm.org/classics/sep95/

Then contemplate on the futility of effort being expended on "The
Button".
-- 
Chief Gadgeteer
Elegant Innovations
