From owner-freebsd-questions Mon Sep 6 12:55:11 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from pop.uniserve.com (pop.uniserve.com [204.244.156.3])
    by hub.freebsd.org (Postfix) with SMTP id F1795159B0;
    Mon, 6 Sep 1999 12:54:32 -0700 (PDT)
    (envelope-from tom@uniserve.com)
Received: from shell.uniserve.ca [204.244.186.218]
    by pop.uniserve.com with smtp (Exim 1.82 #4) id 11O4qL-0004nv-00;
    Mon, 6 Sep 1999 12:54:21 -0700
Date: Mon, 6 Sep 1999 12:54:19 -0700 (PDT)
From: Tom
X-Sender: tom@shell.uniserve.ca
To: Brad Knowles
Cc: Dag-Erling Smorgrav, Pascal Hofstee, freebsd-questions@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG
Subject: Re: softupdates in latest build?
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, 6 Sep 1999, Brad Knowles wrote:

> > This doesn't make any sense. Basically you are saying that it is real
> > easy to break in, so "password sniffing ability" should not be available
> > because it will be easy to tell if crackers try to turn it on. First of
> > all, it isn't easy to break into an up to date system.
>
> How many systems do you honestly expect to be "up-to-date" as
> opposed to "out-of-the-box"? Many years of experience have taught me
> that this percentage will be *very* low. Therefore, there's no
> reason not to make whatever *reasonable* changes you can in order to
> make the default out-of-the-box installation reasonably secure.

Doesn't matter. What exploits work against 3.2-RELEASE out of the box?
Besides, if people aren't going to keep their systems up to date, they
will get broken into. You are basically assuming that any box can be
broken into. So then who cares about password sniffing?

...

> > Besides, most ethernets are switched these days, making password
> > sniffing for anything but connections to or from the machine the sniffer
> > is running on completely useless.
>
> I have reason to believe that it is possible to sniff through
> switches, at least certain types of switches.

No.

> I'll say it again. If the choices are "security" or "no
> security", and otherwise it doesn't make a whole lot of difference to
> how it operates out-of-the-box, then why not choose security?

Yes, but you want to remove a feature that is completely safe, just
because it could be misused by a cracker. That seems backwards to me.

> --
> These are my opinions -- not to be taken as official Skynet policy
> ____________________________________________________________________
> |o| Brad Knowles, Belgacom Skynet NV/SA                            |o|
> |o| Systems Architect, News & FTP Admin      Rue Col. Bourg, 124   |o|
> |o| Phone/Fax: +32-2-706.11.11/12.49         B-1140 Brussels       |o|
> |o| http://www.skynet.be                     Belgium               |o|
> \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
> Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
> Unix is very user-friendly. It's just picky who its friends are.
>

Tom