Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!know!sdd.hp.com!think.com!hsdndev!cmcl2!adm!news
From: anamaria@saffron.wpd.sgi.com (Ana Maria De Alvare')
Newsgroups: comp.unix.wizards
Subject: re: WARNING!
Message-ID: <26520@adm.brl.mil>
Date: 10 Apr 91 17:46:54 GMT
Sender: news@adm.brl.mil
Lines: 20

I agree with John Benfiel that common sense is the weapon against
password cracking, and that a cracker only needs one misused, poorly
chosen password to get access to your system.

I want to make it clear that a person can have access to someone's
machine's password file through the Internet without having any
accounts directly related to that person. For example, through the
ftp anonymous service, I can copy a password file over. This scenario
is considered access to the remote machine in question. However,
public anonymous access to a remote machine is not thought of as
authorizing anonymous browsing and copying over of files other than the
ones explicitly published with the ftp anonymous procedures. In other
words, ftp anonymous access is not looked at as individual access rights.

So beware, system administrators, and curtail the amount of access you
give away to ftp anonymous services.

-------------------------------------------------------------------------------
Ana Maria De Alvare'
MTS Secure IRIX
Silicon Graphics, Inc.
anamaria@sgi.COM
{decwrl,sun}!sgi!whizzer!saffron!anamaria
415-335-7309
-------------------------------------------------------------------------------
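
A defender's check for the exposure described in the post, as an added example that is not part of the original message: it walks an anonymous FTP area and reports any passwd(5)-format file there that still carries password hashes or empty password fields. The function names, the placeholder set and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Password-field values that carry no crackable hash (locked or shadowed).
PLACEHOLDERS = {"*", "x", "!", "!!", "*LK*", "NP"}

def passwd_entries(path, max_bytes=1 << 20):
    """Yield (user, pw_field) for lines of `path` in passwd(5) format."""
    try:
        with open(path, "rb") as fh:
            data = fh.read(max_bytes)
    except OSError:
        return
    for raw in data.splitlines():
        try:
            fields = raw.decode("ascii").split(":")
        except UnicodeDecodeError:
            return  # binary content, not a passwd file
        # name:password:uid:gid:gecos:home:shell
        if len(fields) == 7 and fields[0] and fields[2].isdigit() and fields[3].isdigit():
            yield fields[0], fields[1]

def audit_ftp_root(root):
    """Return sorted (relative path, user, problem) findings under `root`."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if not os.path.isfile(full) or os.path.islink(full):
                continue
            for user, pw in passwd_entries(full):
                if pw in PLACEHOLDERS:
                    continue
                problem = "password hash exposed" if pw else "empty password field"
                findings.append((os.path.relpath(full, root), user, problem))
    return sorted(findings)

def demo():
    """Run the audit over a constructed anonymous-FTP tree (sample data)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        with open(os.path.join(root, "etc", "passwd"), "w") as fh:
            fh.write("root:*:0:0:root:/:/bin/sh\n"
                     "alice:CONSTRUCTEDHASH1:101:20:Alice:/usr/alice:/bin/csh\n"
                     "guest::102:20:Guest:/usr/guest:/bin/sh\n")
        return audit_ftp_root(root)

if __name__ == "__main__":
    print(demo())
```

Point `audit_ftp_root` at the directory the anonymous FTP login is confined to; an empty result means no file in that tree parses as a passwd file with usable password fields.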