Long ago I was brought in to help the consulting company where I worked
audit a government agency's VM system. The agency was running multiple
levels of classified work under VM, claiming it was secure. The folks
doing the security audit wanted to talk about all sorts of technical
penetrations
My favorite was an auditor that wanted a printout of our /etc/passwd. This
was a VM/SP system. When we stopped laughing at him and told him we didn't
have such security holes, he went away.
/Tom Kern
On Wed, 21 May 2008 10:32:27 -0400, Daniel McLaughlin
[EMAIL PROTECTED] wrote:
One of my
-Original Message-
From: IBM Mainframe Discussion List
[mailto:[EMAIL PROTECTED] On Behalf Of Thomas Kern
Sent: Wednesday, May 21, 2008 10:52 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Bad Auditor Requests (Was Re: Hardware Alerts)
My favorite was an auditor that wanted a printout
Our instructions were to give them EXACTLY what they ask for or nothing. If
he had asked in a more general way for a listing of user definitions, I
would have prepared a sanitized USER DIRECT, but he was explicit and
insistent on getting /etc/passwd. That was what was on his unix checklist.
/Tom
4 matches
Mail list logo