In article <36F24EC9.4FF154AA at uni-duesseldorf.de>,
Hans-Peter Schmitz <schmitzh at uni-duesseldorf.de> wrote:
>I think it depends on the definition of security if you say something is
>secure or it is not. In our case we only want to preseve our data from
>being changed or destroyed. It may be different if you are in the lucky
>position where you earn lot´s of money with your data and you have to
>keep them secret ;-)
That's tru but it's not the whole story. When I was at the University
of Cambridge, a schoolkid used this sort of attack to gain access to a
small machine ina department. From this initial breakin, they got
passwords to several major servers, whic they attempted to hack into.
They succeeded in hacking into three departmental machines. These
three machines had to be completely reinstalled from scratch. I had
to change the passwords of over 200 people in that department. In all
that department lost access to their GCG server for a week. In other
words they lost 1,400 man-days work time. Over three man-years!
Now, that breakin had nothing to do with anyone being after the data.
That was a kid looking for a cheap thrill looking for standard security
loopholes like open servers. Do you still think it's not important?