Long ago I was brought in to help the consulting company where I worked
audit a government agency's VM system. The agency was running multiple
levels of classified work under VM, claiming it was secure. The folks
doing the security audit wanted to talk about all sorts of technical
penetrations but I suggested something simpler: Look at Execs on public
system disks, see what minidisks they linked to, examine what was on
those disks, look for more Execs with links, rinse, repeat, etc. A
couple days later they put a printout of the system directory on the
director's desk with a note that security wasn't as tight as claimed.
Don't neglect the ability of morons to make a secure system insecure...

Thomas Kern said:
My favorite was an auditor that wanted a printout of our /etc/passwd. This
was a VM/SP system. When we stopped laughing at him and told him we didn't
have such security holes, he went away.
--
Gabriel Goldberg, Computers and Publishing, Inc. (703) 204-0433
3401 Silver Maple Place, Falls Church, VA 22042 [EMAIL PROTECTED]
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html