On 01/24/2013 10:34 AM, m.roth@xxxxxxxxx wrote:
> Robert Moskowitz wrote:
>> On 01/23/2013 03:53 PM, Cliff Pratt wrote:
>>> On Thu, Jan 24, 2013 at 7:52 AM, Robert Moskowitz <rgm@xxxxxxxxxxxxxxx>
>>> wrote:
>>>> On 01/23/2013 01:39 PM, m.roth@xxxxxxxxx wrote:
>>>>> Robert Moskowitz wrote:
>>>>>> On 01/23/2013 06:23 AM, Adekoya Adekunle wrote:
> <snip>
>>>> I don't use sudo. If I need root changes, I better have the root
>>>> password to use su. If I don't have the root password, then it is
>>>> either not my system to change, or I have a serious problem indeed.
>>>>
>>> That's fine unless you have 100s of machines to administer. If you
>>> have 100 machines do you a) set all the root passwords to the same, or
>>> b) maintain a manual file of logins.
>> I am fortunate this way; this is not my day job. But I do not have an
>> IT group to manage most of my systems I use to support my day job, so I
>> am it. Thus I lean on those of you that have this as a day job to
>> figure out what I have not yet figured out. I do try and help with what
>> I know, but most of it is theory on things which are still a few years
>> out. What many of you are working with in security services, I was
>> working on developing back when they were developed. Like digital certs
>> and PKI infrastructure as an example. Today my efforts are in what is
>> called 'the Internet Of Things' and 'Home Area Networks' and 'Medical
>> Body Area Networks'. Mostly those little tiny things that most are not
>> bothering to secure.
> Oh, Ghu, NO!!! You're the one responsible for that horror.
>
> You think I exaggerate? Consider the "smart house" when it blue screens.
> And "not secured"? So that some 16 yr old script kiddie can defrost your
> refrigerator when you're not home, full of food? Or turn your hot water
> heater to "lobster boil temp"?

Note, I am the one trying to fix this disaster. Check out IEEE 802.15.9. I am privy to attacks that you do not even want to know about. Be afraid. Be VERY afraid.
>
> Note that it was just a few years ago that some moron in Britrail? One of
> the privatized British rail services? had their centralized control on the
> Net, and some 16 yr old idiot broke it, changed a switch setting, and a
> train derailed with injuries, maybe some fatalities.

Why I am working with IEEE 802.15.4p, Positive Train Control. Which is a federal law and the proprietary solutions getting deployed to meet the 2014 date are badddddd.

>
> So I am *NOT* happy with that idea....
>> Thanks for all the help you people provide me. Hopefully I will be
>> helping to create technologies that will continue to provide you all
>> with livelihoods :)
> Great. I get to look forward to upgrading the security on your toilet....*

YEP! Already an issue in Asia.

>> Oh, years ago I wrote about the importance of writing down important ids
>> and passwords and putting them in a firebox with someone important
>> knowing where it is. There are lots of disaster stories out there,
>> small and large, where the people that knew these were lost and data was
>> or almost lost as well. And I was talking to Tatu Ylonen, the creator
>> of SSH (when he was a student in Helsinki), back in November on the
>> disaster of SSH accounts at many large companies. He has found banks
>> with thousands of SSH accounts that no one knows whose they are or how
>> to clean them up. He is working on a set of tools to help out on this.
> What, you're forgetting, was it LA or SF, that just had that happen very
> publicly, when that admin left and didn't want to tell the admins the
> passwords, a couple of years ago?
>
> No. A manager should *always* have the written passwords, somewhere, if
> you quit, or get hit by a car coming back from lunch....

And how many managers don't? Yeah, lifetime employment....

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos