Xref: utzoo comp.unix.questions:22823 alt.security:816
Path: utzoo!attcan!uunet!tut.cis.ohio-state.edu!zaphod.mps.ohio-state.edu!sdd.hp.com!ucsd!ucbvax!agate!tornado.Berkeley.EDU!dankg
From: dankg@tornado.Berkeley.EDU (Dan KoGai)
Newsgroups: comp.unix.questions,alt.security
Subject: Re: How secure is UNIX?
Keywords: Security, ftp
Message-ID: <1990Jun10.183417.6226@agate.berkeley.edu>
Date: 10 Jun 90 18:34:17 GMT
References: <1990Jun4.102422.12896@agate.berke <1752@necis <1990Jun5.152004.15873@agate.berkeley.edu> <1990Jun7.161215.27328@chinet.chi.il.us> <1990Jun8.154523.5102@agate.berkeley.edu> <1990Jun8.175747.18776@athena.mit.edu>
Sender: usenet@agate.berkeley.edu (USENET Administrator;;;;ZU44)
Reply-To: dankg@tornado.Berkeley.EDU (Dan KoGai)
Organization: ucb
Lines: 43

In article <1990Jun8.175747.18776@athena.mit.edu> jik@athena.mit.edu (Jonathan I. Kamens) writes:

> I am becoming more and more convinced that you're flaming without much
>justification about something about which you know little, and frankly,
>it's getting a little irritating.

All I know is I became a victim and there are a lot of others. And it's
not that hard to overcome crypt(). I admit I know too little to become a
security expert. But it doesn't take a wizard to know every single file I
had was brutally deleted. Are you still saying I am just flaming? If you
stop me or people like me from what you call flaming, give us a secure
system in the first place so I don't have to post something like this
anymore, period!

> Well-chosen passwords *are* secure enough in almost all situations,
>even when the /etc/passwd file is world-readable. The fact that you
>wrote a C program to crack passwords and it successfully found yours
>just means that your password was not well-chosen. You can't blame Unix
>for that.

I think my password was well-chosen: It is hardly English or any other
language, with Uppercase and Numbers. My previous one was very random
also. Yet my 10-line (now 20 and can handle even more complex cases)
successfully found it: I didn't use /usr/dict/words or any sort at all.

> Actually, I consider fast log-in time to be one of the most important
>features in any given system.

Provided it's secure enough. UNIX is not. I'm not a very exceptionally
rare victim. I know a lot of even severe cases broken harder, which are
protected with UNIX experts. How many victims do we need to convince you
guys that today's UNIX needs a major upgrade of security?
Well, even after the Stockton Massacre, this country allows us to have
guns without any license. Maybe asking Americans for security is never
secure enough for 1st place.

----------------
____ __ __     + Dan The "Just one of many victims" Man
||__||__|      + E-mail: dankg@ocf.berkeley.edu
____| ______   + Voice: +1 415-549-6111
| |__|__|      + USnail: 1730 Laloma Berkeley, CA 94709 U.S.A
|___ |__|__|   +
|____|____     + if (!strcmp(cryptpass, crypt(pass, cryptpass)))
\_| |          +     You_Are_Toast();
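
An added example, not part of the original post or thread: a defender-side audit of the exposure the quoted reply refers to, listing which entries in a world-readable passwd file carry a password hash or no password at all. The sample entries and hash strings are constructed, and `classify_field` and `audit_passwd` are names chosen here.

```python
import re

# Traditional DES crypt(3) output: 2 salt characters followed by 11 hash
# characters, all drawn from the alphabet [./0-9A-Za-z].
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")

def classify_field(pw):
    """Classify the password (second) field of a passwd(5) entry."""
    if pw == "":
        return "empty"           # account can be entered with no password
    if pw in ("x", "*", "!"):
        return "placeholder"     # no hash stored in this file
    if DES_CRYPT.match(pw):
        return "des-crypt"       # hash readable by every local user
    if pw.startswith("$"):
        return "modular-crypt"   # $id$salt$hash form, still exposed here
    return "other"

def audit_passwd(text):
    """Return (line, user, kind, salt) for each entry that needs attention."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((lineno, fields[0], "malformed", None))
            continue
        user, pw = fields[0], fields[1]
        kind = classify_field(pw)
        if kind == "placeholder":
            continue
        # For DES crypt the first two characters of the field are the salt.
        salt = pw[:2] if kind == "des-crypt" else None
        findings.append((lineno, user, kind, salt))
    return findings

# Constructed sample input; the hash strings are made up, not real hashes.
SAMPLE = """\
root:x:0:0:root:/root:/bin/sh
alice:ab01FAX.bQRSU:1001:100:Alice:/home/alice:/bin/csh
bob::1002:100:Bob:/home/bob:/bin/sh
daemon:*:1:1:daemon:/:/bin/false
carol:$6$constructedsalt$constructedhash:1003:100:Carol:/home/carol:/bin/sh
"""

if __name__ == "__main__":
    for finding in audit_passwd(SAMPLE):
        print(finding)
```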