Xref: utzoo alt.security:729 comp.protocols.tcp-ip:11524 alt.sys.sun:933
Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!cunixf.cc.columbia.edu!media-lab!snorkelwacker!bionet!ucselx!petunia!unmvax!sci.ccny.cuny.edu!cucard!dasys1!cooper!phri!sci.ccny.cuny.edu!rpi!zaphod.mps.ohio-state.edu!samsung!cs.utexas.edu!mailrus!b-tech!zeeff
From: zeeff@b-tech.ann-arbor.mi.us (Jon Zeeff)
Newsgroups: alt.security,comp.protocols.tcp-ip,alt.sys.sun
Subject: Re: anonymous ftp, and the dangers thereof
Message-ID: <PMY$TW?@b-tech.uucp>
Date: 3 Jun 90 08:15:37 GMT
References: <1990Apr20.192233.4092@utzoo.uucp> <6721@blake.acs.washington.edu> <BT+2NO5xds13@ficc.uu.net>
Organization: Branch Technology
Lines: 7

All this emphasis on turning off tftp and waiting for shadow password 
files may be clouding the simpler and more effective solution.  Force 
users to pick good passwords!  Something with some non-alpha 
characters and mixed case (not the first letter capital).  

Neither turning off tfpd or even shadow passwords will protect you from 
local users or people who used to have root.