On Fri, Feb 12, 2010 at 8:05 AM, John <j...@starfire.mn.org> wrote: > People, people - be careful that we are not creating a formula to > break into FreeBSD servers around the world... > > The only acceptable solution is for someone in Eric's organization > to secure physical access to the server. It may be in a co-lo > situation, but if that's true, they must have a contract open and, > if nothing else, they terminate the contract and get the machine > back, though more likely, the contract allows them supervised > access. Machines are not perfect - even without losing the root > password, they break and need maintenance - this is a MAINTENANCE > event and should be treated as such, just like a hard drive failure > or a NIC failure. > > Creating a scheme for someone to break into FreeBSD systems remotely > or to publicize schemes people have created to remotely manage their > systems in ways that could be used to compromise them is foolishness! > > Regardless of the purity of his intention, Eric is asking us to > tell him how to break into our homes or steal our cars. ;) >
Security through obscurity is no security, hence it is a good exercise. -- Adam Vande More _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"