From: Ross Cameron
Date: Fri, 12 Feb 2010 22:07:12 +0200
To: Adam Vande More
Cc: John, Julien Gormotte, freebsd-questions@freebsd.org
Subject: Re: PASSWORD LOST!!

On Fri, Feb 12, 2010 at 4:19 PM, Adam Vande More wrote:
> On Fri, Feb 12, 2010 at 8:05 AM, John wrote:
>
>> People, people - be careful that we are not creating a formula to
>> break into FreeBSD servers around the world...
>>
>> The only acceptable solution is for someone in Eric's organization
>> to secure physical access to the server. It may be in a co-lo
>> situation, but if that's true, they must have a contract open and,
>> if nothing else, they terminate the contract and get the machine
>> back, though more likely, the contract allows them supervised
>> access. Machines are not perfect - even without losing the root
>> password, they break and need maintenance - this is a MAINTENANCE
>> event and should be treated as such, just like a hard drive failure
>> or a NIC failure.
>>
>> Creating a scheme for someone to break into FreeBSD systems remotely
>> or to publicize schemes people have created to remotely manage their
>> systems in ways that could be used to compromise them is foolishness!
>>
>> Regardless of the purity of his intention, Eric is asking us to
>> tell him how to break into our homes or steal our cars. ;)
>>
>
> Security through obscurity is no security, hence it is a good exercise.

Agreed, in fact if anything (in my not so humble opinion) open source platforms should ALWAYS publish all known compromises and also lockdown procedures.
Doing so would make sure that those of us building the install media and/or default configs do EVERYTHING possible to secure systems from the get go.

--
"Opportunity is most often missed by people because it is dressed in overalls and looks like work."
Thomas Alva Edison
Inventor of 1093 patents, including:
The light bulb, phonogram and motion pictures.