SecurityFocus 2000-05-01
Security companies can make headlines by using the right jargon, even when it's wrong.
A couple of comments
2000-05-01
Anonymous (3 replies)
Re: A couple of comments
2000-05-01
Elias Levy <aleph1 (at) securityfocus (dot) com [email concealed]> (1 replies)
Re: A couple of comments
2000-05-01
Anonymous (1 replies)
Re: A couple of comments
2000-05-01
Elias Levy <aleph1 (at) securityfocus (dot) com [email concealed]> (3 replies)
Re: A couple of comments
2000-05-02
Anonymous (1 replies)
Re: A couple of comments
2000-05-02
Elias Levy <aleph1 (at) securityfocus (dot) com [email concealed]>
Re: A couple of comments
2000-05-02
Anonymous (2 replies)
Re: A couple of comments
2000-05-02
Elias Levy <aleph1 (at) securityfocus (dot) com [email concealed]> (1 replies)
Re: A couple of comments
2000-05-02
Anonymous (1 replies)
Re: A couple of comments
2000-05-02
Elias Levy <aleph1 (at) securityfocus (dot) com [email concealed]>

The Jargon file definition seems very right. A back-door is a way in that is not suspected by the owner, regardless of motivation.
I have written a number of web administration packages. And even though I am not super-security conscious, I have them all programmed so that the package *will not work* until you change the root password. That's right, until you change the password you can only do one thing: change the password (and no matter what you do you get taken to a screen that says, prior to customizing this program you must change the password).
IMHO all packages should have this feature.
The RH package seems to go beyond not offering this security feature -- IIUC it actually takes away from it by (falsely) telling the user no such password exists. If that's not a back-door, I don't know what is!!
Link to this comment: http://www.securityfocus.com/comments/articles/25/1694#1694
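
The forced password change described in the comment above, sketched as WSGI middleware. This is an added example, not the commenter's code or any vendor's; the default password, route name, length rule and stand-in `admin_app` are assumptions made for illustration.

```python
import hashlib, hmac, os
from urllib.parse import parse_qs

DEFAULT_PASSWORD = "changeme"        # constructed shipped default (assumption)
CHANGE_PATH = "/change-password"     # hypothetical route name

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Credential:
    def __init__(self):
        self.salt = os.urandom(16)
        self.digest = _kdf(DEFAULT_PASSWORD, self.salt)
        self.must_change = True      # set at install, cleared only by change()

    def verify(self, password):
        return hmac.compare_digest(_kdf(password, self.salt), self.digest)

    def change(self, current, new):
        # Require the current password; refuse reuse of it and short values.
        if not self.verify(current) or self.verify(new) or len(new) < 12:
            return False
        self.salt = os.urandom(16)
        self.digest = _kdf(new, self.salt)
        self.must_change = False
        return True

def first_run_gate(app, cred):
    """WSGI middleware: until the default is replaced, only CHANGE_PATH works."""
    def gated(environ, start_response):
        if not cred.must_change:
            return app(environ, start_response)
        if environ.get("PATH_INFO") != CHANGE_PATH:
            start_response("303 See Other", [("Location", CHANGE_PATH)])
            return [b""]
        if environ["REQUEST_METHOD"] == "POST":
            size = int(environ.get("CONTENT_LENGTH") or 0)
            form = parse_qs(environ["wsgi.input"].read(size).decode())
            if cred.change(form.get("current", [""])[0], form.get("new", [""])[0]):
                start_response("303 See Other", [("Location", "/")])
                return [b""]
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"Prior to customizing this program you must change the password.\n"]
    return gated

def admin_app(environ, start_response):   # stand-in for the real package
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"admin console\n"]
```

Because the gate wraps the whole application, every route is covered without per-handler checks, and the flag clears only when the stored credential actually differs from the shipped default.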