hwt@bnr-public.uucp (Henry Troup) (11/18/88)
I just checked my SunOS 4.0 *distribution tape* hosts.equiv. The file consists of "+\n". A quick RofTFM shows that this means ***trust everyone*** Surprise! So- In light of the worm, and this, we should realize that out-of-the- box systems are not well secured. Henry Troup utgpu!bnr-vpa!bnr-fos!hwt%bnr-public | BNR is not Bell-Northern Reseach hwt@bnr (BITNET/NETNORTH) | responsible for Ottawa, Canada (613) 765-2337 (Voice) | my opinions
haynes@ucscc.UCSC.EDU (99700000) (11/20/88)
In article <185@bnr-fos.UUCP> hwt@bnr-public.UUCP (Henry Troup) writes: >I just checked my SunOS 4.0 *distribution tape* hosts.equiv. The >file consists of "+\n". A quick RofTFM shows that this means >***trust everyone*** Surprise! > >So- In light of the worm, and this, we should realize that out-of-the- >box systems are not well secured. At the recent Usenix security workshop this was the #1 complaint that we asked the vendors present to take back to their companies. There was one man from Sun there - most other vendors were less well represented. A second point was that vendors ought to have one contact person for all security-related problems, rather than farming them out to developers who handle the individual pieces of software separately. haynes@ucscc.ucsc.edu haynes@ucscc.bitnet ..ucbvax!ucscc!haynes "Any clod can have the facts, but having opinions is an Art." Charles McCabe, San Francisco Chronicle