[885] in Release_7.7_team
Re: why we should document forwardable tickets
daemon@ATHENA.MIT.EDU (Craig Fields)
Thu Mar 6 15:26:31 1997
Date: Thu, 6 Mar 1997 20:26:24 GMT
From: Craig Fields <cfields@MIT.EDU>
To: ghudson@MIT.EDU
Cc: mbarker@MIT.EDU, release-team@MIT.EDU
> So the risks of leaving a workstation unattended aren't really made
> worse in the 8.1 release.
Baloney. Exploiting the forwardable K5 tickets requires much less
knowledge and skill than exploiting K4 tickets. Therefore the risk
is much greater, in terms of the number of people capable of doing
the exploitation, for the K5 scenario.
We already discussed this in the release team meeting a couple of
weeks ago. If you go by this argument, we might as well abandon
password protection altogether.
Craig
