[Ti] more 10.2.8 and car analogies
Chris Olson
chris at astcomm.net
Thu Oct 2 06:21:16 PDT 2003
On Thursday, October 2, 2003, at 08:08 AM, Neil Cadsawan wrote:
> Well, unlike other companies whose default settings for ports is to
> leave them on, Apple has the presence of mind not to enable remote
> login as as a default option. You must manually activate this
> functionality for it to be a problem in the first place. And if you
> do, you would also hopefully be aware of its vulnerabilities by now
> and would have taken measures to guard against it. If you haven't,
> then that's your fault. Remote login is a fairly advanced feature and
> to use it would mean that you know more than the average user.
>
> Not being impressed is a rather uninformed position.
Oh, really? YOU'RE the one that's uninformed. I don't give a rats
arse whether or not you enable "remote login". The vulnerability
involves a buffer mismanagement problem whereby an attacker can gain
root access to the machine via the sshd user process.
I know a software company in Redmond that has "security experts" with
the same attitude as your post.
--
Chris
More information about the Titanium
mailing list