From owner-freebsd-security  Fri Jun  1  3:14: 9 2001
Delivered-To: freebsd-security@freebsd.org
Received: from impatience.valueclick.com (impatience.valueclick.com [216.246.96.99])
	by hub.freebsd.org (Postfix) with SMTP id 3D2A437B422
	for <freebsd-security@FreeBSD.ORG>; Fri,  1 Jun 2001 03:14:07 -0700 (PDT)
	(envelope-from ask@valueclick.com)
Received: (qmail 7221 invoked by uid 500); 1 Jun 2001 10:14:07 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 1 Jun 2001 10:14:07 -0000
Date: Fri, 1 Jun 2001 03:14:06 -0700 (PDT)
From: Ask Bjoern Hansen <ask@valueclick.com>
To: Alex Holst <a@area51.dk>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd)
In-Reply-To: <20010601013041.A32818@area51.dk>
Message-ID: <Pine.LNX.4.33.0106010307440.6312-100000@impatience.valueclick.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Fri, 1 Jun 2001, Alex Holst wrote:

[...]
> gives the impression that people are still using passwords (as
> opposed to keys with passphrases) for authentication in this day
> and age. Is that correct? If so, why is that?

CVS pserver; weird windows SSH clients; convenience; laziness;
"don't know any better"; ...  Of any group of hundreds of developers
I'm afraid that you'll find that MANY are not as aware of (unix)
security issues as the average subscribe to freebsd-security.


 - ask

-- 
ask bjoern hansen, http://ask.netcetera.dk/   !try; do();


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message