X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:message-id:to:subject
	:in-reply-to:references:mime-version:content-type
	:content-transfer-encoding; q=dns; s=default; b=b2DsrRi39EBel8p3
	NrFOny0o1vG3uoNsS0e1v/2aprfFL/TNDo13jZM+sFTzW1YVjZMNi+vvulKw8ba6
	U0D9Fj5Byq+nOTYzCYKkcNm+jdvuYyO3AHTSchJsPVnGMggZqZCUOpK4l+EqD8HW
	LxTGN4uoJSbs6CnJtIs/NXTyNQ4=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:message-id:to:subject
	:in-reply-to:references:mime-version:content-type
	:content-transfer-encoding; s=default; bh=YD3dRDntGZE66zdGIw6CaZ
	AzKHI=; b=ReQBQ7LjvyFJzsjBEGuSsVH4Sw9vs8sWbYpflmJy0L5Xh8hO/mzYap
	Ma6PzbULDMSbcqmbYxd4kHK+EiOrOTa/nUa8vkbpshUwYL+fXlb/OI7UpZ2rFzS0
	pidExEHayqyGWDMLjsjizBC/SqgPoM93/C05G4jmph4DJg86wHI00=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=4.2 required=5.0 tests=AWL,BAYES_50,FREEMAIL_FROM,KAM_THEBAT,SPF_SOFTFAIL autolearn=no version=3.3.2
X-HELO:	smtp.ht-systems.ru
Date:	Fri, 25 Sep 2015 11:22:19 +0300
From:	Andrey Repin <anrdaemon AT yandex DOT ru>
Reply-To:	cygwin AT cygwin DOT com
Message-ID:	<772221980.20150925112219@yandex.ru>
To:	Linda Walsh <cygwin AT tlinx DOT org>, cygwin AT cygwin DOT com
Subject:	Re: cygwin potentially corrupting permissions?
In-Reply-To:	<5604B7D7.9080704@tlinx.org>
References:	<CAGpXXZKUQtAbrQ80VDHZhy0aZtzG+5fDB7bcYz-kwQ3Kgx6ueQ AT mail DOT gmail DOT com> <560366EE DOT 5020207 AT tlinx DOT org> <CAGpXXZJeWs33BJi7qROduZEhTx1pXXXseTbfXu+QP8+cf_r5hQ AT mail DOT gmail DOT com> <466149660 DOT 20150924213756 AT yandex DOT ru> <56044E61 DOT 6060202 AT tlinx DOT org> <1228432255 DOT 20150925044648 AT yandex DOT ru> <5604B7D7 DOT 9080704 AT tlinx DOT org>
MIME-Version:	1.0
X-IsSubscribed:	yes

Greetings, Linda Walsh!

> Andrey Repin wrote:
>> Obscurity has no relation to security.
>> Oh, and these both are disabled on my systems.
>> 
>>> If you read windows 'rules', you'd know that... (so many rules
>>> to read...really hard for someone to keep up)...
>> 
>> There's no such rules as "rename default accounts".
>> It makes no sense and bears no reason.
> ---
>         Security best practices :

> See "https://technet.microsoft.com/en-us/library/cc747353%28v=ws.10%29.aspx"
> and "https://technet.microsoft.com/en-us/library/jj852273.aspx"

Bullshit. Both of them.
You may "guess this user name and password combination" of a disabled account
to your heart's content. It'll won't do square shit.
The only times where you use the default administrator account is when you
run domain recovery script from recovery console. And recovery console does
not use the account name, neither check for status. It only ask for password.
Solution: Ban default accounts and let attackers try their luck.

@Greg Freemyer: An "army in the world" does not have passwords and firewalls.
That's the only reason they are trying to rely on obscurity. Doesn't quite
work, as attacker could just carpet bomb the target positions.


-- 
With best regards,
Andrey Repin
Friday, September 25, 2015 11:14:20

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -