[4245] in WWW Security List Archive
Re: re-mail
daemon@ATHENA.MIT.EDU (Mike Arnold)
Mon Feb 3 15:31:08 1997
Date: Mon, 03 Feb 1997 09:35:43 +0000
From: Mike Arnold <mike@thale.life.nottingham.ac.uk>
To: Leonid S Knyshov <wiseleo@juno.com>
CC: Adam.Drobnis@bankerstrust.com, www-security@ns2.rutgers.edu,
xande@venus.rdc.puc-rio.br
Errors-To: owner-www-security@ns2.rutgers.edu
Leonid S Knyshov wrote:
>
> Adam:
>
> The way this question is stated, it suggests that it is not going to be
> used for constructive purposes. If someone asks how to get /etc/passwd
> or something like it, chances are very slim that it is a legitimate
> reason.
>
> Based on the grammar and language style used, I have many ways to
> describe the person who wrote that and why they did it.
>
> I guess a term AOL'er can be applicable in this case. (Note: I am
> impartial toward America Online Inc.)
>
> Leo.
Thank you, I thought it was just me! It was the same criteria which made
me reply in the first place. Any systems guy/gal worth his/her salt
would already know the purpose and location of the passwd file. They
would also know the correct way to go about finding potential security
holes in this file.
Cheers
Mike
>
> On 30 Jan 1997 13:40:55 -0500 "Adam Drobnis"
> <Adam.Drobnis@bankerstrust.com> writes:
> >If I may interject, why wouldn't Alexandre need to ask this question
> >if he had
> >a legitimate reason for attempting to crack a password file?
> >I may be naive in my assessment of his request, but, if one knows how
> >to crack
> >an encrypted password file, can they not, in turn, provide a better
> >defense
> >from future
> >attacks?
