[Full-Disclosure] (no subject)
James Patterson Wicks
pwicks at oxygen.com
Fri Feb 13 13:26:47 GMT 2004
"The moral is obvious. You can't trust code that you did not totally
create yourself."
This is why the enterprise chose to deprecate all of the Unix servers
except for external DNS (and Legato backup, but we cannot control that).
It's surprising how much flak my post is generating. If you have good
change control management in place, you lessen the likelihood of some
pissed off admin planting time bombs in your system. There is no 100%
solution to clearing off an admin from an enterprise, but having scripts
change passwords across the enterprise is a whole lot easier than
having all of the admins running around changing passwords when the CTO
calls someone in the office for "The Talk."
The networking issue is a much bigger problem which we are still trying
to tackle. The way we handle it now is simple... Pay your network
team a lot of money, leave them alone, but make sure you stay current on
the information security laws.
From: full-disclosure-admin at lists.netsys.com
[mailto:full-disclosure-admin at lists.netsys.com] On Behalf Of
gadgeteer at elegantinnovations.org
Sent: Friday, February 13, 2004 1:45 AM
To: full-disclosure at lists.netsys.com
Subject: [Full-Disclosure] Re: Removing Fired admins
On Fri, Feb 13, 2004 at 12:29:25AM -0500, James Patterson Wicks
(pwicks at oxygen.com) wrote:
> "The Button"
Impressive. Uppercase letters to start off each word. Quotes to set
it apart from the rest of the sentence it appears in.
> [mailto:full-disclosure-admin at lists.netsys.com] On Behalf Of Cael Abal
> Imagine every sneaky thing a cracker
> could do -- subvert your IDS, implement Ken Thompson-esque
> login/compiler bugs, etc... And then consider that they might've
> happened any time in the past few years and have by now completely
> infiltrated your backup media.
Maybe it is the length of this comma separated value listing that caused
your eyes to glaze over. Let us examine one of these items. For the
sake of history (which so many seem to scorn), for its elegance, and
to honor the inventor of the original UNIX kernel...
Then contemplate on the futility of effort being expended on "The
Full-Disclosure is hosted and sponsored by Secunia.