By telling people how to be insecure, we would be contributing to the
increasing attitude of complacency. If we make it hard to get answers on
how to be insecure, then people will fight it less and understand it
more. It's like making stupidity physically painful. The more it hurts,
the less people will do it. After all, the more people accept security
as a way of life, the less inconvenient it becomes.

Kenny

PS Like I could resist an open invitation like THAT???


-- 
Kenny Lussier
Systems Administrator
Mission Critical Linux
***********************************************************
Life is a lesson, you learn it at the end
Reality has become increasingly less accurate
***********************************************************

"Dana S. Tellier" wrote:
> 
> Cole,
> 
>         Yet ANOTHER insightful, intelligent e-mail, thank you.  While we
> all understand security (after the Noah-like flood of e-mail last week
> about security, we'd all BETTER...) risks, it might be best to simply make
> a recommendation, and then tell him what to do to answer the
> problem.  Leave the soapbox for another thread. ;-)
> 
>  - Dana
> 
> On Thu, 29 Jun 2000, Cole Tuininga wrote:
> 
> >
> > Folks, folks, folks.
> >
> > While I certainly agree that the "best" option is to keep the dictionary
> > checking on, this is not what Brad has asked for.  It is certainly a
> > good idea to let him know of the vulnerabilities of taking this
> > route, but let's try to help him solve the question he put forth, lest
> > we start to sound like tech support from a certain unnamed Redmond based
> > company.... ("You don't want to do that, do it our way instead.")
> >
> > To Brad:
> >
> > Is there a line in /etc/pam.d/passwd that looks something like:
> >
> > password   required /lib/security/pam_cracklib.so retry=3
> >
> > ?
> > I believe that may be the culprit.  To echo what others have said, this
> > is not necessarily the best option though if the users have no shell
> > access it MIGHT be ok.  If you go this route, definitely turn off shell
> > access for unnecessary users and turn off telnet entirely.  If you need
> > to connect to it remotely, use a secure method such as openssh
> > (http://www.openssh.com).
> >
> >
> > --
> > "In my opinion, Macs are really just toys..." - An anonymous UNH
> > professor
> >
> > Cole Tuininga
> > Network Admin
> > Code Energy, Inc
> > [EMAIL PROTECTED]
> > (603) 766-2208
> >
> > **********************************************************
> > To unsubscribe from this list, send mail to
> > [EMAIL PROTECTED] with the following text in the
> > *body* (*not* the subject line) of the letter:
> > unsubscribe gnhlug
> > **********************************************************
> >
> 
> --
> Dana S. Tellier               Email [EMAIL PROTECTED]
> Student Engineer              University of New Hampshire
> InterOperability Lab          7 Leavitt Ln Durham, NH 03824
> ATM Consortium                603-862-4626 FAX: 603-862-4181
> 
> http://www.distributed.net/   Put wasted CPU cycles to use!
> 

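The three things Cole's reply touches on (whether pam_cracklib is in the password stack, which accounts keep a login shell, whether telnet is still enabled) can be checked with a short script. This is an added example, not part of the original thread; the sample files are constructed, and reading telnet's state from an inetd.conf-format file is an assumption the thread does not state.

```shell
#!/bin/sh
# Added example. File paths are arguments; looking for telnet in an
# inetd.conf-format file is an assumption (the thread does not name the file).

# Succeeds if an uncommented "password" line in FILE loads pam_cracklib.so.
cracklib_enabled() {
    awk '$1 == "password" && /pam_cracklib\.so/ { f = 1 } END { exit !f }' "$1"
}

# Prints accounts in a passwd-format FILE whose shell allows interactive login.
# An empty shell field is reported too, since login falls back to /bin/sh.
login_shell_users() {
    awk -F: '$1 !~ /^#/ && NF >= 7 && $7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# Succeeds if an uncommented line in an inetd.conf-format FILE starts telnet.
telnet_enabled() {
    [ -r "$1" ] && awk '$1 == "telnet" { f = 1 } END { exit !f }' "$1"
}

# audit PAM_FILE PASSWD_FILE INETD_FILE: prints findings, returns 1 on any WARN.
audit() {
    rc=0
    if cracklib_enabled "$1"; then
        echo "OK   dictionary check active in $1"
    else
        echo "WARN no pam_cracklib in password stack of $1"; rc=1
    fi
    users=$(login_shell_users "$2" | tr '\n' ' ')
    if [ -n "$users" ]; then echo "INFO accounts with a login shell: $users"; fi
    if telnet_enabled "$3"; then echo "WARN telnet enabled in $3"; rc=1; fi
    return $rc
}

# Constructed sample files (not from the thread): cracklib commented out,
# one service account without a shell, telnet still enabled.
make_samples() {
    printf '%s\n' '#password required /lib/security/pam_cracklib.so retry=3' \
        'password required /lib/security/pam_unix.so use_authtok' > "$1/pam"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'mail:x:8:12:mail:/var/spool/mail:/bin/false' \
        'alice:x:500:500::/home/alice:/bin/bash' > "$1/passwd"
    printf '%s\n' 'telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd' > "$1/inetd"
}

# Run the audit on the constructed samples; a WARN result is expected here.
d=$(mktemp -d) && make_samples "$d" && { audit "$d/pam" "$d/passwd" "$d/inetd" || true; }
rm -rf "$d"
```

On a real host, call `audit` with the system's own files, for example `audit /etc/pam.d/passwd /etc/passwd /etc/inetd.conf`.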
