Full Disclosure mailing list archives
(no subject)
From: "James Patterson Wicks" <pwicks () oxygen com>
Date: Fri, 13 Feb 2004 08:26:47 -0500
"The moral is obvious. You can't trust code that you did not totally create yourself."

This is why the enterprise chose to deprecate all of the Unix servers except for external DNS (and Legato backup, but we cannot control that).

It's surprising how much flack my post is generating. If you have good change control management in place, you lessen the likelihood of some pissed off admin planting time bombs in your system. There is no 100% solution to clearing off an admin from an enterprise, but having scripts change passwords across the enterprise is a whole lot easier than having all of the admins running around changing passwords when the CTO calls someone in the office for "The Talk."

The networking issue is a much bigger problem which we are still trying to tackle. The way we handle it now is simple . . . Pay your network team a lot of money, leave them alone, but make sure you stay current on the information security laws.

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of gadgeteer () elegantinnovations org
Sent: Friday, February 13, 2004 1:45 AM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Re: Removing FIred admins

On Fri, Feb 13, 2004 at 12:29:25AM -0500, James Patterson Wicks (pwicks () oxygen com) wrote:
"The Button"
Impressive. Uppercase letters to start off each word. Quotes to set it apart from the rest of the sentence it appears in.
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Cael Abal

Imagine every sneaky thing a cracker could do -- subvert your IDS, implement Ken Thompson-esque login/compiler bugs, etc... And then consider that they might've happened any time in the past few years and have by now completely infiltrated your backup media.
Maybe it is the length of this comma separated value listing that caused your eyes to glaze over. Let us examine one of these items. For the sake of history (which so many seem to scorn), for its elegance, and to honor the inventor of the original UNIX kernel...

http://www.acm.org/classics/sep95/

Then contemplate on the futility of effort being expended on "The Button".

--
Chief Gadgeteer
Elegant Innovations
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html