new password idea
Scott Bennett
bennett at mp.cs.niu.edu
Sat Apr 27 07:59:27 AEST 1991
In article <1991Apr26.171549.10502 at escom.com> al at escom.com (Al Donaldson) writes:
>Once when I was testing someone's operating system, I thought it
>would be interesting to find out what really happen when I exceeded
>the bad password count for root. So I just sat there at the console
>blindly typing random junk for the root password. After a small
>number of tries (less than 10), it made me root.
>
> [text deleted --SJB]
>
>Insufficient testing, wrong people working on critical code, and
>too many damn bells and whistles. There is something to be said
>for simplicity in critical programs like login. Specially if
>the vendor doesn't have time to test every release extensively
>and document it completely (or release the code).
This is hard to argue with, but really doesn't address the
issue. The existence of broken and/or poorly designed software
doesn't have much to do with the need for security. In other words,
having a broken ratchet on your socket wrench doesn't mean you should
try to make do with a pair of pliers. It means you should get a
different socket wrench.
>
>Al
>
Scott Bennett, Comm. ASMELG, CFIAG
Systems Programming
Northern Illinois University
DeKalb, Illinois 60115
**********************************************************************
* Internet: bennett at cs.niu.edu *
* BITNET: A01SJB1 at NIU *
*--------------------------------------------------------------------*
* "Spent a little time on the mountain, Spent a little time on the *
* Hill, The things that went down you don't understand, But I *
* think in time you will." Oakland, 19 Feb. 1991, first time *
* since 25 Sept. 1970!!! Yippee!!!! Wondering what's NeXT... :-) *
**********************************************************************
More information about the Comp.unix.wizards
mailing list