This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: cygwin potentially corrupting permissions?


Greetings, Linda Walsh!

> Andrey Repin wrote:
>> Obscurity has no relation to security.
>> Oh, and these both are disabled on my systems.
>> 
>>> If you read windows 'rules', you'd know that... (so many rules
>>> to read...really hard for someone to keep up)...
>> 
>> There are no such rules as "rename default accounts".
>> It makes no sense and bears no reason.
> ---
>         Security best practices :

> See "https://technet.microsoft.com/en-us/library/cc747353%28v=ws.10%29.aspx"
> and "https://technet.microsoft.com/en-us/library/jj852273.aspx"

Bullshit. Both of them.
You may "guess this user name and password combination" of a disabled account
to your heart's content. It won't do square shit.
The only time you use the default administrator account is when you
run the domain recovery script from the recovery console. And the recovery console
does not use the account name, nor check for status. It only asks for the password.
Solution: Ban default accounts and let attackers try their luck.

@Greg Freemyer: An "army in the world" does not have passwords and firewalls.
That's the only reason they are trying to rely on obscurity. Doesn't quite
work, as an attacker could just carpet bomb the target positions.


-- 
With best regards,
Andrey Repin
Friday, September 25, 2015 11:14:20

Sorry for my terrible English...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

