hwt@bnr-public.uucp (Henry Troup) (11/18/88)
I just checked my SunOS 4.0 *distribution tape* hosts.equiv. The file consists of "+\n". A quick RofTFM shows that this means ***trust everyone*** Surprise! So- In light of the worm, and this, we should realize that out-of-the- box systems are not well secured. Henry Troup utgpu!bnr-vpa!bnr-fos!hwt%bnr-public | BNR is not Bell-Northern Reseach hwt@bnr (BITNET/NETNORTH) | responsible for Ottawa, Canada (613) 765-2337 (Voice) | my opinions
haynes@ucscc.UCSC.EDU (99700000) (11/20/88)
In article <185@bnr-fos.UUCP> hwt@bnr-public.UUCP (Henry Troup) writes: >I just checked my SunOS 4.0 *distribution tape* hosts.equiv. The >file consists of "+\n". A quick RofTFM shows that this means >***trust everyone*** Surprise! > >So- In light of the worm, and this, we should realize that out-of-the- >box systems are not well secured. At the recent Usenix security workshop this was the #1 complaint that we asked the vendors present to take back to their companies. There was one man from Sun there - most other vendors were less well represented. A second point was that vendors ought to have one contact person for all security-related problems, rather than farming them out to developers who handle the individual pieces of software separately. haynes@ucscc.ucsc.edu haynes@ucscc.bitnet ..ucbvax!ucscc!haynes "Any clod can have the facts, but having opinions is an Art." Charles McCabe, San Francisco Chronicle
allbery@ncoast.UUCP (Brandon S. Allbery) (11/26/88)
As quoted from <185@bnr-fos.UUCP> by hwt@bnr-public.uucp (Henry Troup): +--------------- | I just checked my SunOS 4.0 *distribution tape* hosts.equiv. The | file consists of "+\n". A quick RofTFM shows that this means | ***trust everyone*** Surprise! | | So- In light of the worm, and this, we should realize that out-of-the- | box systems are not well secured. +--------------- D*mned right they're not. See <13139@ncoast.UUCP> in news.sysadmin for the reason. The moral of that story is that the people who buy computers, and the people who run them, need to become aware that security isn't only for the Pentagon. ++Brandon -- Brandon S. Allbery, comp.sources.misc moderator and one admin of ncoast PA UN*X uunet!hal.cwru.edu!ncoast!allbery <PREFERRED!> ncoast!allbery@hal.cwru.edu allberyb@skybridge.sdi.cwru.edu <ALSO> allbery@uunet.uu.net comp.sources.misc is moving off ncoast -- please do NOT send submissions direct Send comp.sources.misc submissions to comp-sources-misc@<backbone>. -- Brandon S. Allbery, comp.sources.misc moderator and one admin of ncoast PA UN*X uunet!hal.cwru.edu!ncoast!allbery <PREFERRED!> ncoast!allbery@hal.cwru.edu allberyb@skybridge.sdi.cwru.edu <ALSO> allbery@uunet.uu.net comp.sources.misc is moving off ncoast -- please do NOT send submissions direct Send comp.sources.misc submissions to comp-sources-misc@<backbone>.