Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!rutgers!cmcl2!phri!roy
From: roy@phri.UUCP (Roy Smith)
Newsgroups: news.admin
Subject: Re: Is uunet a security hole?
Keywords: uucp logins security
Message-ID: <3640@phri.UUCP>
Date: 30 Dec 88 15:38:38 GMT
References: <44465@beno.seismo.CSS.GOV> <300@ssbn.WLK.COM>
Reply-To: roy@phri.UUCP (Roy Smith)
Organization: Public Health Research Inst. (NY, NY)
Lines: 22

bill@ssbn.WLK.COM (Bill Kennedy) writes:
> I had a similar intrusion which prompted me to set up separate logins for
> each uucp neighbor and separate Permissions appropriate to each site.

We had a uucp breakin a while ago (described in vivid detail on the old
security mailing list several years back). The major faults in our security
system were violations of the most basic rules. First, one of our uucp
neighbors kept his L.sys file world-readable and second, we had a user
account here with no password on it.

The point of this message is to underscore that before you go off arguing
about the fine points of your security system, you should make sure that
your front door is not wide open.

My experience is that the single biggest threat to system security is simple
carelessness about passwords. People pick bad ones (or none at all), write
them down in obvious places, tell other people what they are, never change
them, and resist all efforts by system administrators to make them alter
their ways.
--
Roy Smith, System Administrator
Public Health Research Institute
{allegra,philabs,cmcl2,rutgers}!phri!roy -or- phri!roy@uunet.uu.net
"The connector is the network"
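
An audit for the two faults named in the post above (a world-readable L.sys and an account with no password), added here as an example and not part of the original post. The passwd entries, hash strings, function names and temporary file names are constructed for illustration; real file locations vary by system.

```python
import os
import stat
import tempfile

# Constructed sample in the classic passwd layout (name:password:uid:gid:...).
SAMPLE_PASSWD = """\
root:Xq3kP0aaZZb1c:0:0:Super User:/:/bin/sh
uucp:*:5:5:UUCP admin:/usr/lib/uucp:
guest::100:100:Guest:/usr/guest:/bin/sh
nuucp:Ab9dE2ffGGh3i:6:5:UUCP login:/usr/spool/uucppublic:/usr/lib/uucp/uucico
"""

def empty_password_accounts(passwd_text):
    """Return login names whose password field is empty (no password set)."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 2 and fields[0] and not fields[0].startswith("#") and fields[1] == "":
            names.append(fields[0])
    return names

def is_world_readable(path):
    """True if the 'other' read bit is set on the file."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)

def audit(passwd_text, credential_files):
    """Collect findings for the two faults named in the post."""
    findings = [f"account {n!r} has no password" for n in empty_password_accounts(passwd_text)]
    findings += [f"{p} is world-readable" for p in credential_files if is_world_readable(p)]
    return findings

def demo():
    """Run the audit against throwaway files with known modes."""
    with tempfile.TemporaryDirectory() as d:
        exposed = os.path.join(d, "L.sys")        # stand-in for a neighbor's L.sys
        locked = os.path.join(d, "L.sys.locked")  # hypothetical correctly protected copy
        for path, mode in ((exposed, 0o644), (locked, 0o600)):
            with open(path, "w") as fh:
                fh.write("constructed placeholder, no real credentials\n")
            os.chmod(path, mode)
        return [f.replace(d + os.sep, "") for f in audit(SAMPLE_PASSWD, [exposed, locked])]

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A locked entry such as `*` is not flagged; only a truly empty password field is. On systems that keep hashes in a shadow file, the same field test applies to that file instead.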