Re: Death to crackers

Robert S. Thau (rst@ai.mit.edu)
Mon, 1 Mar 1999 22:29:29 -0500 (EST)


Tom Whore writes:
> > Not as easy as it sounds; for instance, you may be blessed with users
> > who are innocent of proper password hygiene. (viz., www.rootshell.com)
>
> This is all poart of running a secure system. Its not for everyone, but
> there are methods to make it easier. Doing any sort of serious work on a
> large unsecure system (because of users, admins, os, or wahtever) is a bad
> idea.

The reference was to users who type their well-chosen secure passwords
on an unsecure links, as apparently occured in the rootshell exploit.
The only cure for that is to make sure that they don't have accounts
on your systems. (Which is what I try to do in production
environments).

rst