From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.5 required=5.0 tests=DKIM_ADSP_CUSTOM_MED, DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from minnie.tuhs.org (minnie.tuhs.org [45.79.103.53]) by inbox.vuxu.org (OpenSMTPD) with ESMTP id b75a84be for ; Thu, 10 Oct 2019 20:52:50 +0000 (UTC) Received: by minnie.tuhs.org (Postfix, from userid 112) id E3D499B863; Fri, 11 Oct 2019 06:52:48 +1000 (AEST) Received: from minnie.tuhs.org (localhost [127.0.0.1]) by minnie.tuhs.org (Postfix) with ESMTP id C93AD94811; Fri, 11 Oct 2019 06:52:34 +1000 (AEST) Authentication-Results: minnie.tuhs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="vbDPEpy+"; dkim-atps=neutral Received: by minnie.tuhs.org (Postfix, from userid 112) id 04E1A94811; Fri, 11 Oct 2019 06:52:33 +1000 (AEST) Received: from mail-vs1-f49.google.com (mail-vs1-f49.google.com [209.85.217.49]) by minnie.tuhs.org (Postfix) with ESMTPS id 5E49494742 for ; Fri, 11 Oct 2019 06:52:32 +1000 (AEST) Received: by mail-vs1-f49.google.com with SMTP id v19so4847663vsv.3 for ; Thu, 10 Oct 2019 13:52:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xbEojVsp5pEbXLM7vkrLlxe5VAwUjqfqo8bnEKCcZHs=; b=vbDPEpy+o5msKOkPMuBTp19DELhtNVGWq3pCfdI7D/axeqvl+Jx8SaFJykRKuhdey7 r5o3ruLoRvqzzraG2HTKW1vXh2E29J2uUzG342b1IjRP/pso4Y6AG2cSSlRRt+tZi1j2 KXpLpmpiP7pDhVtIxlqDzieFydQeHzT/4914y0mWIbRtRk60+Mncmf8HCV/ejxVNN6kN pwtC95wuQVStqGkpj5DHHwmvOeZE/8+IbrwzbXLNsPfHQQF2s8U+1BeP7PHTybfNJ6N0 gTGejglIWJj3cun4az76jgZrrh4q5sy+GOyDw3sXhT2JzUoqFySoXLh8t0Km4d/qwQlm rTeg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xbEojVsp5pEbXLM7vkrLlxe5VAwUjqfqo8bnEKCcZHs=; b=YN6BKJOXkHTV8YYW4gVl5y/ZwaUodneBtm1nyfojlThul4KrJjeaz3PBNF3KmiUbcT 2IqdcHBjP9C0cwjBFPFYj0tQHp+dlaiqzO2MJ4HXvVZQFL9HCrJa7Tjllx8CUg0PYnvI TwXa5Et1DO2orOmZfU4YHVb39qsH+CnAeCynl/CB5uVf29jYrcFBpv2D7tia3xDGapAB ARYEWk4hfQ53ox3Rqo6jzBVCyAufsoGmPIWKHqe+ePTgDwnWqk02fubpKhTVBa/vR4b8 gce5ilUJCDtsRuLFcl7U8ImOBbfSqABuceysZg0cLJHHHwuoemI0PPuj/97otf+CsKzZ SoVA== X-Gm-Message-State: APjAAAWbqCaOTrEfYFwTTHe2qnMoKURupKzhgYZKBBNtC730FT+NaOj5 H59zgrszSNTCJLTX9okzAXBTkIPPEHnK9jwJ82c= X-Google-Smtp-Source: APXvYqyT38xo8pgAUlTIE0qX0X2EJ1Eu7Rh9k+KaxJcbVB0M8I7tqIH1wuXydwSarTD8fc/h213aP8rlLP1VFzbqQFA= X-Received: by 2002:a67:f590:: with SMTP id i16mr6776814vso.52.1570740751464; Thu, 10 Oct 2019 13:52:31 -0700 (PDT) MIME-Version: 1.0 References: <1570559927.29337.for-standards-violators@oclsc.org> <2e6e1005-3bbf-5dcc-3fcc-099864c752dc@kilonet.net> <8088e5bd-3530-d3e1-8066-db6ea9389dea@kilonet.net> In-Reply-To: From: "John P. Linderman" Date: Thu, 10 Oct 2019 16:52:19 -0400 Message-ID: To: Nemo Content-Type: multipart/alternative; boundary="000000000000867dbc0594949497" Subject: Re: [TUHS] Recovered /etc/passwd files X-BeenThere: tuhs@minnie.tuhs.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: The Unix Heritage Society mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: TUHS main list Errors-To: tuhs-bounces@minnie.tuhs.org Sender: "TUHS" --000000000000867dbc0594949497 Content-Type: text/plain; charset="UTF-8" Randal Schwartz (https://en.wikipedia.org/wiki/Randal_L._Schwartz) got slammed with 3 felony charges (since revoked) for doing that favor for Intel. An Intel VP with a ridiculously weak password was unamused. It's one thing to badger your employees, quite another to post old passwords in the clear in a public forum. Those old passwords may turn up in unexpected places, or reveal information that the user would prefer not to be made public now. (Shame on Ken for liking chess :-). Bad idea, and off-topic. On Thu, Oct 10, 2019 at 4:38 PM Nemo wrote: > On 10/10/2019, Clem Cole wrote: > > On Wed, Oct 9, 2019 at 4:00 PM Rob Pike wrote: > >> Interesting though it is, though, I find this hacking distasteful. > [...] > > Amen > > Some (large) companies regularly run password crackers on their > employees' passwords and inform them if their passwords are found > "insufficiently strong to protect company assets". > > Good, bad, distasteful, prudent, off-topic? > > N. > --000000000000867dbc0594949497 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Ran= dal Schwartz (= https://en.wikipedia.org/wiki/Randal_L._Schwartz) got slammed with 3 fe= lony charges (since revoked) for doing that favor for Intel. An Intel VP wi= th a ridiculously weak password was unamused. It's one thing to badger = your employees, quite another to post old passwords in the clear in a publi= c forum. Those old passwords may turn up in unexpected places, or reveal in= formation that the user would prefer not to be made public now. (Shame on K= en for liking chess :-). Bad idea, and off-topic.

On Thu, Oct 10, 2019= at 4:38 PM Nemo <cym224@gmail.com> wrote:
On= 10/10/2019, Clem Cole <clemc@ccc.com> wrote:
> On Wed, Oct 9, 2019 at 4:00 PM Rob Pike <robpike@gmail.com> wrote:
>> Interesting though it is, though, I find this hacking distasteful.=
[...]
> Amen

Some (large) companies regularly run password crackers on their
employees' passwords and inform them if their passwords are found
"insufficiently strong to protect company assets".

Good, bad, distasteful, prudent, off-topic?

N.
--000000000000867dbc0594949497--