Path: utzoo!attcan!utgpu!watmath!uunet!lll-winken!csd4.milw.wisc.edu!indri!nic.MR.NET!shamash!sialis!rjg From: rjg@sialis.mn.org (Robert J. Granvin) Newsgroups: unix-pc.general Subject: Re: security Message-ID: <1535@sialis.mn.org> Date: 6 Jun 89 12:28:48 GMT References: <19071@cup.portal.com> <14373@bfmny0.UUCP> <1526@sialis.mn.org> <1528@sialis.mn.org> <14270@watdragon.waterloo.edu> <537@uncle.UUCP> <14290@watdragon.waterloo.edu> Reply-To: rjg@sialis.mn.org (Robert J. Granvin) Organization: Dr. Ho Laboratory and Day Care Center Lines: 32 >True, but many of the UNIXpc security holes are specific to the UNIXpc. >It requires a good level of knowledge to exploit them. Not that they >are hard, but most users would require some time to find them due to >an unfamiliarity with the machine. On the other hand, having a root >directory that is 777 is asking to be broken an would be a standard >thing to check for on ANY Unix box. A fair level of knowledge really. Not necessarily a good level. Today, you can be fairly certain that if a person has a personal machine on the net, that it's more than likely some sort of Unix/Xenix PC type box, or a 3b1/7300. Map distributions notoriously describe the machine you are using, in significant detail. You can also guess what type of system a person has by what newsgroups that person is active in. Other 3b1 utilities make it easier for a security breach as well, without having to go through much difficulties. Have you passworded your "install" login? Even someone who is completely scared off by 'root' can work around 'install' quite easily. I once watched someone diligently attempt to break into my machine via install... Oh, pity the wasted time of the poor fool... :-) It is a mistake to assume that a security breach will immediately come from a direct route. -- ________Robert J. Granvin________ INTERNET: rjg@sialis.mn.org ____National Computer Systems____ CONFUSED: rjg%sialis.mn.org@shamash.cdc.com __National Information Services__ UUCP: ...uunet!rosevax!sialis!rjg "Exxon: Our gasoline contains no sea water"