Possible security problem, need information...

Neil Rickert rickert at mp.cs.niu.edu
Thu Mar 21 04:39:22 AEST 1991


In article <1991Mar20.165442.7210 at ux1.cso.uiuc.edu> edotto at ux1.cso.uiuc.edu (Ed Otto) writes:
>
>But seriously,I think that this is not a problem as mine is the same way.

 Don't assume that just because your system comes standardly set up in a
certain way, there are no problems with that setup.  Vendors are notorious
for providing systems which are highly secure when set up on a private
network with only one user, but in which security breaks down in more
practical environments.

 As an example, at least one has made a practice of supplying systems with
a default setup such that if you connect the system to Internet and make
a DNS resolver function available in the recommended way, just about anyone
with root access on any Internet machine can quickly break in.  For all I
know they are still supplying systems with this setup.

-- 
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
  Neil W. Rickert, Computer Science               <rickert at cs.niu.edu>
  Northern Illinois Univ.
  DeKalb, IL 60115                                   +1-815-753-6940



More information about the Comp.unix.admin mailing list