Path: utzoo!attcan!uunet!lll-winken!lll-lcc!ames!hc!pprg.unm.edu!kurt
From: kurt@pprg.unm.edu (Kurt Zeilenga)
Newsgroups: comp.unix.wizards
Subject: UNIX security and passwords
Message-ID: <23731@pprg.unm.edu>
Date: 3 Jan 89 19:12:43 GMT
Reply-To: kurt@pprg.unm.edu (Kurt Zeilenga)
Organization: U. of New Mexico, Albuquerque
Lines: 47

I've been following this discussion with some amazement. I've been
managing computers for about eight years and have seen hundreds of
security incidents first hand. Of them, I can only remember one or
two that actually tried to use a program to guess passwords. Hell, if
I was going to break into a computer I sure would waste my time trying
to crack passwords. Here is my list of methods I would try first:

	Open doors left by system admins
		blank or hosed lines in password files
		write permissions
			/,/etc
			/etc/passwd
			/etc/group
			/bin/su
			dotfiles in / or sys admins home
		existence of a .rhosts/.netrc in / or sys admin home
		existence of /etc/hosts.equiv
		readable devices
		SUID programs (often breakable)
	Known passwords (note: these are not guessed)
	Trojan Horses
		fake getty's, etc.
	Insecure protocols, network agents
		RPC
		NFS
		UUCP
		FTP, SENDMAIL, FINGER
		X or NeWS
	Insecure network media
		Cleartext password grabbing (even more effective if you
		know how to abuse ARP and ICMP)

(I am sure I missed many ways, these were just off the top of my head).

So, I kind of agree with Barry. P(crack password) * P(crack shadowfile)
is very close to P(crack password). However, I would much rather see all
this effort going into solving some of the basic issues.

Anyways, I am glad to see security becoming a real issue. Until we
educate our SYSTEM ADMINS what the hell is the point of educating
our USERS!

	- Kurt
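An administrator's self-audit for the first group in the list above (blank or hosed password-file lines, write permissions, trust files), as an added example that is not part of the original post. The function names, the `root` prefix parameter and the sample password file are constructed for illustration; treating group-writable as well as world-writable modes as findings is an assumption.

```python
import os
import stat

# Paths from the post whose write permissions matter.
WATCHED = ["/", "/etc", "/etc/passwd", "/etc/group", "/bin/su"]
TRUST_DOTFILES = [".rhosts", ".netrc"]

# Constructed sample, not taken from any real system.
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/sh\n"
    "guest::500:500:Guest:/home/guest:/bin/sh\n"
    "\n"
    "broken:x:abc:100\n"
    "::0:0::/:/bin/sh\n"
)

def audit_passwd(text):
    """Return (line number, reason) for blank-password or malformed lines."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split(":")
        if not line.strip():
            findings.append((n, "blank line"))
        elif len(fields) != 7:
            findings.append((n, "expected 7 fields, got %d" % len(fields)))
        elif fields[0] == "":
            findings.append((n, "empty login name"))
        elif fields[1] == "":
            findings.append((n, "empty password field: " + fields[0]))
        elif not (fields[2].isdigit() and fields[3].isdigit()):
            findings.append((n, "non-numeric uid/gid: " + fields[0]))
    return findings

def audit_modes(root="/", paths=WATCHED):
    """Return watched paths that are group- or world-writable."""
    findings = []
    for p in paths:
        try:
            mode = os.stat(os.path.join(root, p.lstrip("/"))).st_mode
        except OSError:
            continue  # path absent on this system
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(p)
    return findings

def audit_trust(root="/", homes=("/",)):
    """Return existing hosts.equiv and .rhosts/.netrc files in the given homes."""
    candidates = ["/etc/hosts.equiv"]
    for home in homes:
        candidates += [os.path.join(home, f) for f in TRUST_DOTFILES]
    return [c for c in candidates
            if os.path.lexists(os.path.join(root, c.lstrip("/")))]
```

Pass the administrators' home directories in `homes`, and point `root` at a mounted image or backup to audit it without touching the live system.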