On Thursday 27 September 2001 14:51, Meritt James wrote: > http://www.washingtonpost.com/wp-dyn/articles/A32105-2001Sep26.html > > Let's be careful out there, hear?
>From the article: "One of the problems, investigators said, was that network users could gain extraordinary access to certain department databases simply by logging on as a systems administrator. No password was necessary." There are many concerns about the computer security. I belive U.S. guys working on real sensitive data know how to protect them (not to mention that it really is dumb to put anything sensitive on the Internet without really good reason to do so). This one is just a masterpiece telling us that you can't hire Forest Gump to maintain your computer security. Aside the flame, what was already mentioned here is - do this security lists help black hats? Is the security trough obscurity viable security model? Shouldn't we shut down all security related sites on the Internet? Should we arrest anyone who's talking about viruses on the Internet? Maybe we should assasinate every known hacker around, regardless of the colour of his/her hat? And so on... Already seen many times here. :-) I hope this isn't the beginning of another "Should we close this mailing list for security reasons, or not?" threeeeeeeeeeeeeeeead... (-: But there's a difference between mailing list such as this and the article in Washington Post - I belive if you have such dumb adminstrators, you deserve to be defaced; and if such administrators got fired for the obvious lack of security, the mangement person who choosed them should get fired as well.
