Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

rlogin -l root 10 Comments More | Login | Reply /

 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • Download and install Ettercap [sourceforge.net]. Leave it running in plain sight. Next time he uses the rlogin protocol, show how ettercap displays his password in the clear.

    I think that'll prove the point.

    --
    • Randal L. Schwartz
    • Stonehenge

    • I've told him that telnet as root is a really bad idea, I nearly fell out of my chair when I realised he was r* as root, and wanting to use NFS with root enabled. When ever I complain, he says we are behind a firewall and all the SSH stuff is just rubish from Linux - which isn't real Unix anyway....

      The real problem is a culture clash. He thinks Linux is a toy, and that SSH/sudo are pains. To him only AIX/Solaris are "real" solutions, and that plain telnet/r tools/wide open X are all you need. To me I use SSH by default, never login as root - only sudo, I don't even install r* tools, and AIX/Solaris are expensive dinosaurs (though useful skills to have on ones CV).

      It's not helped by the fact that SAP is a technical dinosaur too, it relies on the r tools, and wide open NFS shares. I think the later versions are more secure, but the one we run is antique.

      --
      -- "It's not magic, it's work..."

      • Ask him how much he is willing to bet that noone will ever break that firewall. Ask him how much he is willing to bet that no user will ever be tempted to sniff for passwords.

        Also, both sudo and SSH originate in BSD.

        sudo in particular is really, really old (from 1980 – far older than the Linux kernel, older even than the GNU project).

        Solaris ships with both.

        • Our firewall has Windows notebooks connecting through it via VPN. Personally I consider it to be meaningless, given that remote notebooks cannot be trusted. I believe the firewall even runs on a Windows server, though I could be wrong, so I don't trust in in that respect either.

          I know SSH comes from OpenBSD, but to him it's somehow "tainted goods" now it's used on Linux. I didn't know that sudo was that old, but he claims it doesn't work properly on AIX 4.x, so he never uses it.

          I suppose it mostly as ca

          --
          -- "It's not magic, it's work..."

          • Actually the userspace still differs vastly on the very lowest level (init, the toolbox, and stuff like that). For anything above the bare metal you’re right, though.

            Uhm, the setup running in your place sounds like a disaster waiting to happen. If I was in your shoes, assuming you have any responsibility for any of the systems, I’d be looking for ways to CYA.

            • I've made my concerns known...

              --
              -- "It's not magic, it's work..."
            • Categorising this as a "disaster waiting to happen" reminds me of a discussion I had recently in the comments on a friend's Live Journal [livejournal.com] - IT people seem to be not very good at evaluating risk.

              The security (or lack thereof) at ajt's employer doesn't sound any different to what it was two years ago when I started work there (I have since moved on). There were no major incidents in the year I was there and I think it unlikely that there have been since.

              • “I never fasten my seat belt.” “That’s a disaster waiting to happen.” “You are not very good at evaluating risk. I’ve never been in an accident.”

      • I'm sure I remember your lovely employer having a policy on password use. I'm quite certain that you can find something suitable in there to bash him over the head with.
Stories, comments, journals, and other submissions on use Perl; are Copyright 1998-2006, their respective owners.