UNIX security and passwords
Steven M. Bellovin
smb at ulysses.homer.nj.att.com
Wed Jan 4 08:07:46 AEST 1989
In article <23731 at pprg.unm.edu>, kurt at pprg.unm.edu (Kurt Zeilenga) writes:
> I've been managing computers for about eight years and have seen
> hundreds of security incidents first hand. Of them, I can
> only remember one or two that actually tried to use a program
> to guess passwords.
Three possible answers: (a) you've seen an atypical sample; (b) I've
seen an atypical sample, because I've seen many such incidents; or (c) just
because you haven't seen them doesn't mean they haven't happened....
The other things you cite are certainly problems that need fixing. So
are crackable passwords. I don't think anyone else in this discussion is
advocating that we stick with the current schemes, i.e., neither a private
password file nor a beefed-up passwd command.
More information about the Comp.unix.wizards
mailing list