> > >> dclarke wrote: > >> "minor nit. Solaris is not open source." > >> > >> Solaris still gets code reviews by government > >> agencies to preclude this sort of OS back door > >> though, as does every other major OS in use by the > US > >> & international governments to preclude this sort > of > >> activity from happening. > >> > >> Tim > > > > Same government agencies that the Chinese have > hacked into twice last year. > > There not even smart enough to hide there own > tracks. > > Well, I trust Solaris. Simply put. > > In order to hack into a Solaris box I think that you > pretty much have to get > through SSH and then somehow drop a kernel module > into place or something > that can not be tracked with ps, prstat, sar activity > or userland activity > of any kind. God forbid that I turn on system > accounting. Heck, I think you > would need to at least have a user account waiting > for you other than root > because you just can't login to Solaris as root > unless you are at the box. > By default. > > Really, I don't know how someone would hack a Solaris > box. > > Dennis > > _______________________________________________ > opensolaris-discuss mailing list > [email protected]
Dennis, Dennis, Dennis. You should attend a SANS conference. It will scare you into just how easy it is to obtain root on any OS. I have found that in most companies the security department lives with their head in the sand. The admins believe that the security department is keeping the systems safe. The security people invoke rules that increase the risks. One very common security practice is password aging. "Lets make the user change their password every 30 days" When you count up the number of passwords that a user must remember it is impossible, so they write them down or use a common password on all systems with the date at the end. This one practice alone simplifies a breakin. Now add the 3 tries lockout with active directory on the net like some companies web mail and all you need is the company listing and you can lock the entire company out. "DOS" from any internet connection. Sloppy/poor programming that has become the norm rather than the exception opens many other doors to root. Besides all of that, the NSA or anyone else that wants your information would hit up on the router manufacturers like Cisco Since once its off your computer your packet will traverse a router to get to its destination. Don't think your ssl packets are safe either the NSA has been able to de-crypt them for quite awhile now. They have your information, they know who/where/what/how and why of every single thing you do. Its all stored in the databases. Hello Paul! This message posted from opensolaris.org _______________________________________________ opensolaris-discuss mailing list [email protected]
