lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20030711024306.GC1334@nag.inorganic.org>
From: full-disclosure at ols.inorganic.org (Roy S. Rapoport)
Subject: Networking security problem?

On Fri, Jul 11, 2003 at 10:56:26AM +1000, gregh wrote:
> Am I being pedantic here? To my mind, if a password is required to use
> the machine locally, it should automatically require the network
> connection to be broken. XP goes back to the Welcome screen depending on
> your settings or the NT looking username and password box you would all
> know. I find it totally mystifying that a machine that is "protected" at
> keyboard level by a password so people cant get into it and look up
> sensitive info can still be gotten into at least by the local LAN and
> info STILL gained. The problem here is if a disgruntled employee went
> postal and knew this info, he/she could do what they want. I understand
> the programs and data could be protected in other ways but it also hit me
> that there must be quite a few small to medium companies living in a
> delirious limbo like this, too.
> 
> Any comments? Am I just pedantic or is this really a headbanger?

Here's a nickel, kid. Go buy yourself a real OS.

Network accessibility and managing network access to sensitive resources
has little -- I'm sorry, *no* -- relation to keyboard & monitor access.  My
main server at home (on which I'm writing this right now!) is screenlocked.
If it was not network-accessible while it was screenlocked, I'd be SOL.

I was playing with screenlocked UNIX systems thirteen years ago; said
systems were perfectly accessible via the net.  This is a feature, not a
bug.

-roy

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ