[ale] Linux "course" at GT?

Michael H. Warfield mhw at wittsend.com
Sun Sep 12 10:36:27 EDT 1999 

Jay Finch enscribed thusly:
> At 08:18 AM 09/11/1999 -0600, Chris Ricker wrote:
> > > Just one datapoint.  It does make you worry about new Linux installations
> > > in the dorms who haven't even created a root password yet :)

> >That's why Tech people have been griping to Slackware for years about their
> >insecure practice of not forcing you to set root before you reboot out of
> >install ;-).  FYI, one thing OIT does is random scans of resnet with ISS and
> >similar tools.  If a machine shows up as insecure on their scan, they turn
> >the port off and yell at the kid until he or she fixes their box before
> >turning the port back on.

>          Hehe ... Actually, Slackware 4.0 now requires you to set your root 
> password before the installation completes.  I always wondered about why 
> they didn't require that  myself... (And I've always been a big fan of 
> Slackware...)

	They (in particular Patrick) finally did that after I hammered them
by publishing a security advisory on it.  Seems that you could connect into
a box immediately after the first reboot and get logged in via telnet or rsh
before the dude at the console even got his first login prompt (he was still
watching the rc scripts running).

	They just recently added a security mailing list after a reporter
went from my security tutorial at LinuxWorld and walked up to them the
next day on the expo floor and proceeded to chew them a new one up one
side and down the other.  One of the gang there complained to me about
getting chewed out and I complained back that I told Patrick about this
6 months ago.  The response was "we are already getting ready to do it".
Couple of weeks later, we have a slackware security list...

	Some people believe that Slackware is more secure than RedHat because
of all the RedHat updates and advisories.  I think Slackware is less secure
because you don't get advisories and can't (couldn't) tell what was being
updated and for what.  Their excuse was that it was all in the change log
as if someone was going to go examine the change log weekly to see why they
got broke into yesterday.  They're correcting that now, as well.

	Some people are just slower than others.

	They are getting better...

> Anyways...

> Cheers!
> Jay
> -----
> Jay Finch                       : "Nothing is easier than fault-finding;
> President/GKE of NERO-Atlanta   :  no talent, no self-denial, no brains;
> (770) 650-0410  (voice)         :  no character is required to set up
> horus at larp.com                  :  in the grumbling business."
> pagejay at larp.com (pager)        :                       -- Robert West
> MTBI Survey says:  ENFJ         :
>        Check out my home page at:  http://www.photobooks.com/~horus/
> 

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

More information about the Ale mailing list