From owner-freebsd-security  Fri Aug 17 23:57:41 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mercury.ccmr.cornell.edu (mercury.ccmr.cornell.edu [128.84.231.97])
	by hub.freebsd.org (Postfix) with ESMTP id 1A50C37B40F
	for <freebsd-security@FreeBSD.ORG>; Fri, 17 Aug 2001 23:57:33 -0700 (PDT)
	(envelope-from mitch@ccmr.cornell.edu)
Received: from ruby.ccmr.cornell.edu (IDENT:0@ruby.ccmr.cornell.edu [128.84.231.115])
	by mercury.ccmr.cornell.edu (8.9.3/8.9.3) with ESMTP id CAA26226;
	Sat, 18 Aug 2001 02:57:32 -0400
Received: from localhost (mitch@localhost)
	by ruby.ccmr.cornell.edu (8.9.3/8.9.3) with ESMTP id CAA28019;
	Sat, 18 Aug 2001 02:57:31 -0400
X-Authentication-Warning: ruby.ccmr.cornell.edu: mitch owned process doing -bs
Date: Sat, 18 Aug 2001 02:57:31 -0400 (EDT)
From: Mitch Collinsworth <mitch@ccmr.cornell.edu>
To: Mikhail Kruk <meshko@polkan2.dyndns.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: RE: Silly crackers... NT is for kids...
In-Reply-To: <Pine.BSF.4.33.0108180041390.92972-100000@localhost>
Message-ID: <Pine.LNX.4.10.10108180249530.1887-100000@ruby.ccmr.cornell.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


On Sat, 18 Aug 2001, Mikhail Kruk wrote:

> The best environment for development is
> when any service is enabled and all users have blank passwords so that
> anyone can use anyone's machine.

That's crazy.  There's no audit trail.  If nothing else, one disgruntled
employee can wreak havoc without anyone even knowning who it was.


> Putty is absolutely the best for Win32:

Putty is great.  I use it and love it, but with no X11 forwarding it
is NOT the absolute best.


> And finally setup your telnetd so that it will print a message saying
> "telnet is insecure. please use ssh" etc. It will display this message,
> sleep for 60 seconds and then run normal telnetd. Most people will just
> sit there and wait for 60 seconds, then use telnet. After one or two month
> of this torture disable telnetd for good (keep the message, but don't run
> telnetd). People will download ssh and think "Thank God, I don't have to
> wait for 60 seconds now! I love that SSH thing!"
> That's what our sysadmin did (shell server used by some 4000 undergrads)
> and it worked.

Now this is a great idea!  I think I'll give it a try.  Thanks for
passing it on.

-Mitch


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message