RE: Default Admin Account

Your correct that is doesn't give someone the right. However, as you stated it can be negligent and could make you culpable if there is a breach. My point is to concentrate on what you can control, which is to Defend against, Identify and Destroy intruders. The intentions of others are outside that scope.


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Prodigi Child
Sent: Wednesday, February 04, 2009 2:39 AM
To: 'J.Hart, Elec.Eng.Tech.'; pen-test@xxxxxxxxxxxxxxxxx
Subject: RE: Default Admin Account

On the default admin accounts on US Military machines, I think that poor (or even negligent) security is no excuse for a compromising a system. To borrow from the port scanning debates, leaving my front door wide open doesn't give someone permission to invade my home.

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of J.Hart, Elec.Eng.Tech.
Sent: Monday, February 02, 2009 10:49 AM
To: pen-test@xxxxxxxxxxxxxxxxx
Subject: Default Admin Account

Hey all,

I have been following the Gary McKinnon case for years now.
My interest is in the legal area of penetration testing and the evolution of cyber law.
What do IT Security experts and pen-testers think about the default administration account on the US Military machines? You can read about the case here

"For the best in web site design - StarNET

This message was sent using IMP, the Internet Messaging Program.