"Mark R. Lindsey" made the following keystrokes:
>
>Knowledge if you know you're supposed to disable ssh root logins, and
>I know that too, and I know that you know, and you know that I know,
>and I know you know I know, ad infinitum. [1, 2]
>For example, all electricians know that the green wire is
>NEVER the hot wire. And all drivers know that the person turning right
>has the right-of-way (unless you're at a red light in Philadelphia,
>where all the rules are different).
>
>Less trivially, do we all know that the root password shouldn't be
>'root'? Can we all depend on everybody else knowing that?

Knowing what you are supposed to is not really the issue. The bigger
question is do you understand WHY you should do that. It's not a matter
of recognizing the things from the book that are really dumb examples
but applying that knowledge to find very similar situations that are
just as dumb, but not written down.

There is a huge difference in knowing that you are not supposed to
connect the green wire to the hot line and knowing that if you do
someone may get killed.

If I know that "root" shouldn't be the root password, what prevents me
from setting it to abc123? It's just as bad, but that wasn't the
question on the test, so is it ok?

Gene Rackow
Cyber Security Office
Argonne National Lab
9700 S. Cass Ave. / Argonne, IL 60439
voice: 630-252-7126
