RE: Default Admin Account

[jay.tomas () infosecguru com]

Your correct that is doesn't give someone the right. However, as you  
stated it can be negligent and could make you culpable if there is a  
breach. My point is to concentrate on what you can control, which is  
to Defend against, Identify and Destroy intruders. The intentions of  
others are outside that scope.

Jay

-----Original Message-----
From: listbounce () securityfocus com  
[mailto:listbounce () securityfocus com] On Behalf Of Prodigi Child
Sent: Wednesday, February 04, 2009 2:39 AM
To: 'J.Hart, Elec.Eng.Tech.'; pen-test () securityfocus com
Subject: RE: Default Admin Account

On the default admin accounts on US Military machines, I think that  
poor (or even negligent) security is no excuse for a compromising a  
system. To borrow from the port scanning debates, leaving my front  
door wide open doesn't give someone permission to invade my home.



-----Original Message-----
From: listbounce () securityfocus com  
[mailto:listbounce () securityfocus com] On Behalf Of J.Hart,  
Elec.Eng.Tech.
Sent: Monday, February 02, 2009 10:49 AM
To: pen-test () securityfocus com
Subject: Default Admin Account

Hey all,

I have been following the Gary McKinnon case for years now.
My interest is in the legal area of penetration testing and the  
evolution of cyber law.
What do IT Security experts and pen-testers think about the default  
administration account on the US Military machines? You can read about  
the case here http://freegary.org.uk/

--
"For the best in web site design - StarNET http://www.s-t-a-r.net



----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.