Mailing List Archive
Re: tlug: 2.2.14 Vs. TurboLinux
- To: tlug@example.com
- Subject: Re: tlug: 2.2.14 Vs. TurboLinux
- From: Jonathan Q <jq@example.com>
- Date: Thu, 27 Apr 2000 01:43:33 +0900 (JST)
- Content-Type: TEXT/PLAIN; charset=US-ASCII
- In-Reply-To: <Pine.LNX.4.10.10004260938560.5845-100000@example.com>
- Reply-To: tlug@example.com
- Sender: owner-tlug
On Wed, 26 Apr 2000, Scott M. Stone wrote:

> we just have Workstation, Server, and Cluster Server here in the States.
> Haven't seen Cluster Server yet. I wonder if they're going to play up the
> big security hole in Redhat's 'piranha' (web/ftp clustering software)
> now..

Having read all the posts regarding that on Bugtraq, I think the ISS announcement was, well, rather overdone. That was a poor choice of a default password, but hardly qualifies as a backdoor. Red Hat has also stated that it was in fact documented with instructions to change it (I have not independently verified if it is or not). There was also a comment made (I don't recall by who) to the effect that if you deploy something on the web without reading the docs, you are at least partly responsible for anything bad that happens to you as a result thereof. I can't particularly argue with that. RTFM is still good advice.

Anyway, not even Microsoft would do something as stupid as to try to make a backdoor that way, especially when the source is available. Even MS hides their backdoors better and protects them with nice little passwords that call Netscape engineers wienies :-)

As soon as this weak default password in Piranha was reported, Red Hat created and released an updated package, so this is basically already a non-issue except for those who have not changed that default password. And now that this is a known issue, they better hurry. The script kiddies will come calling soon enough.

Web-based configuration systems in general make me nervous, though. It just leaves you with that many more chances for a hole to exist and be exploited. I'm only totally comfortable with them if they are firewalled off, or they only work from localhost.

Jonathan

--------------------------------------------------------------------
Next Technical Meeting: May 13 (Sat) 13:30 Temple University Japan
* Topic: Crypto and Security Speaker: Chris Sekiya
Next Nomikai Meeting: June 16 (Fri), Tengu TokyoEkiMae.
--------------------------------------------------------------------
more info: http://www.tlug.gr.jp Sponsor: Global Online Japan
- References:
- Re: tlug: 2.2.14 Vs. TurboLinux
- From: "Scott M. Stone" <sstone@example.com>