[svlug] crack
Rick Moen
rick at linuxmafia.com
Fri Feb 9 18:36:01 PST 2001
begin Dagmar d'Surreal quotation:
> I used to snap up shadow files all the time this way, man. Especially
> on HPUX systems. Wu-ftp was also quite fond of core-dumping and
> leaving the core file lying around in a place you specify. Stuff like
> this is why the majority of systems have core files truncated to 0
> bytes by default now. Bugtraq not only knows about this, they'd
> consider it a very dead issue for that reason.

Yes, indeed. Core files are truncated to zero bytes by default on _any_
system run by a self-respectingly paranoid sysadmin -- which serves
nicely to get to my point: I get really tired of alleged security
discussions that presuppose incompetent administration.

Competent sysadmins don't use wu-ftpd. Competent sysadmins don't drape
security-sensitive corefiles around their systems. Competent sysadmins
monitor relevant security-alert sources, and act on them immediately.
Competent sysadmins aren't shocked to find out that shadowing and NIS
don't mix. (Competent sysadmins also go to some lengths to avoid
NIS/NIS+, when possible.)

Competent sysadmins don't cite dumb-sysadmin errors, bad practices, or
known-but-unpatched security bugs as somehow indicating a systematic
problem with (e.g.) password shadowing.

Yet, you two goofballs have been doing little else for the past few
days. That's a bit of a waste of everyone's time, isn't it?

--
Cheers, Before enlightenment, caffeine.
Rick Moen After enlightenment, caffeine.
rick at linuxmafia.com