"The moral is obvious. You can't trust code that you did not totally
create yourself."
This is why the enterprise chose to deprecate all of the Unix servers
except for external DNS (and Legato backup, but we cannot control that).

It's surprising how much flak my post is generating.  If you have good
change control management in place, you lessen the likelihood of some
pissed off admin planting time bombs in your system.  There is no 100%
solution to clearing off an admin from an enterprise, but having scripts
change passwords across the enterprise is a whole lot easier than
having all of the admins running around changing passwords when the CTO
calls someone in the office for "The Talk."

The networking issue is a much bigger problem which we are still trying
to tackle.  The way we handle it now is simple . . .  Pay your network
team a lot of money, leave them alone, but make sure you stay current on
the information security laws.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, February 13, 2004 1:45 AM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Re: Removing FIred admins

On Fri, Feb 13, 2004 at 12:29:25AM -0500, James Patterson Wicks
([EMAIL PROTECTED]) wrote:
> "The Button"

Impressive.  Uppercase letters to start off each word.  Quotes to set
it apart from the rest of the sentence it appears in.


> [mailto:[EMAIL PROTECTED] On Behalf Of Cael Abal
>   Imagine every sneaky thing a cracker
> could do -- subvert your IDS, implement Ken Thompson-esque
> login/compiler bugs, etc... And then consider that they might've
> happened any time in the past few years and have by now completely
> infiltrated your backup media.

Maybe it is the length of this comma separated value listing that caused
your eyes to glaze over.  Let us examine one of these items.  For the
sake of history (which so many seem to scorn), for its elegance, and
to honor the inventor of the original UNIX kernel...

http://www.acm.org/classics/sep95/

Then contemplate on the futility of effort being expended on "The
Button".
-- 
Chief Gadgeteer
Elegant Innovations

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

