Sun Microsystems Leaks Extensive Amounts of Information About Its

From: Robson, Ken (RobsonKat_private)
Date: Tue May 11 1999 - 11:22:59 PDT

    Hi Folks,
    
    I have just been scouring Sun's Bug Reports for some information and I
    discovered that you can easily trawl for useful information about both Sun
    and its clients.  Information exposed includes:-
    
    *	Copies of /etc/passwd (i.e. user names)
    *	Copies of /etc/shadow (i.e. encrypted passwords)
    *	Configuration of network services (i.e. inetd.conf)
    
    It is trivial to put together searches that glean this for some of their
    customers.  Whilst the contract services restrictions are in place for
    accessing these accounts, logins must be in wide circulation.  I know 3 or 4
    accounts from various past employers myself.
    
    When logging a support call I do not often consider what might happen to the
    call notes.  I am sure that Sun are not the only company doing this and this
    is not aimed at Sun in particular, they are just an example.  Serious
    consideration should be given to what information you are prepared to pass
    to those who support you - do you trust the rest of their customers (at
    best) or the entire internet (at worst)?
    
    Anyway not earth shattering but food for thought.
    
    Regards,
    
    Ken.
    
    PS - Please do not interpret the domain that this mail comes from as any
    indication that I work for the European Bank for Reconstruction &
    Development.  I in fact contract to Hewlett Packard and am simply based at
    the bank - all the opinions expressed above are my own and have nothing to
    do with either of these organisations.
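
A pre-submission scrub for the kind of call notes the message describes, as an added example that is not part of the original post: it finds passwd- and shadow-format lines in text destined for a support call, redacts password hashes and replaces login names, and leaves other lines (such as inetd.conf entries) alone. The alias scheme, the `<REDACTED>` placeholder, the choice to keep `root`, and the sample data are all assumptions made for illustration.

```python
import re

# Layouts assumed: passwd has 7 colon-separated fields, shadow has 9.
NAME_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_.-]*$")
# Markers for locked, passwordless or shadowed accounts; these are not hashes.
NON_SECRET = {"", "x", "*", "!", "!!", "NP", "*LK*"}

def classify(line):
    """Return 'shadow', 'passwd' or None for one line of call notes."""
    f = line.strip().split(":")
    if not NAME_RE.match(f[0]):
        return None
    if len(f) == 9 and all(x == "" or x.isdigit() for x in f[2:8]):
        return "shadow"
    if len(f) == 7 and f[2].isdigit() and f[3].isdigit():
        return "passwd"
    return None

def scrub(notes):
    """Return (scrubbed_text, findings) for text about to go into a support call."""
    aliases, findings, out = {}, [], []
    for lineno, line in enumerate(notes.splitlines(), 1):
        kind = classify(line)
        if kind is None:
            out.append(line)
            continue
        f = line.strip().split(":")
        name = f[0]
        # Assumed scheme: one alias per login, reused in both files; root kept.
        alias = name if name == "root" else aliases.setdefault(name, f"user{len(aliases) + 1}")
        f[0] = alias
        if f[1] not in NON_SECRET:
            f[1] = "<REDACTED>"  # hypothetical placeholder
            findings.append((lineno, kind, "password hash"))
        if kind == "passwd":
            f[4] = ""  # GECOS often holds a real name
            # Home directory usually embeds the login as a path component.
            f[5] = "/".join(alias if p == name else p for p in f[5].split("/"))
        out.append(":".join(f))
    return "\n".join(out), findings

# Constructed sample, not taken from any real system or bug report.
SAMPLE = """\
Call notes (constructed sample): telnet logins hang after patching.
root:x:0:1:Super-User:/:/sbin/sh
jsmith:x:1001:10:Jane Smith:/export/home/jsmith:/bin/ksh
root:Qz1EXAMPLEhash:10722::::::
jsmith:ab2EXAMPLEhash:10722:0:90:7:::
daemon:NP:6445::::::
telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
"""

if __name__ == "__main__":
    clean, findings = scrub(SAMPLE)
    print(clean)
    print(findings)
```

The findings list gives the line number and file type of every redacted hash, so the notes can be reviewed before they leave the site.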
    