Ross Cameron abalour at
Fri Feb 12 20:07:34 UTC 2010

On Fri, Feb 12, 2010 at 4:19 PM, Adam Vande More <amvandemore at> wrote:
> On Fri, Feb 12, 2010 at 8:05 AM, John <john at> wrote:
>> People, people - be careful that we are not creating a formula to
>> break into FreeBSD servers around the world...
>> The only acceptable solution is for someone in Eric's organization
>> to secure physical access to the server.  It may be in a co-lo
>> situation, but if that's true, they must have a contract open and,
>> if nothing else, they terminate the contract and get the machine
>> back, though more likely, the contract allows them supervised
>> access.  Machines are not perfect - even without losing the root
>> password, they break and need maintenance - this is a MAINTENANCE
>> event and should be treated as such, just like a hard drive failure
>> or a NIC failure.
>> Creating a scheme for someone to break into FreeBSD systems remotely
>> or to publicize schemes people have created to remotely manage their
>> systems in ways that could be used to compromise them is foolishness!
>> Regardless of the purity of his intention, Eric is asking us to
>> tell him how to break into our homes or steal our cars. ;)
> Security through obscurity is no security, hence it is a good exercise.

Agreed, in fact if anything (in my not so humble opinion) open source
platforms should ALWAYS publish all known compromises and also
lockdown procedures.

Doing so would make sure that those of us building the install media
and/or default configs do EVERYTHING possible to secure systems from
the get-go.

"Opportunity is most often missed by people because it is dressed in
overalls and looks like work."
    Thomas Alva Edison
    Inventor of 1093 patents, including:
        The light bulb, phonogram and motion pictures.

More information about the freebsd-questions mailing list