X-Recipient: archive-cygwin@delorie.com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:message-id:to:subject
	:in-reply-to:references:mime-version:content-type
	:content-transfer-encoding; q=dns; s=default; b=b2DsrRi39EBel8p3
	NrFOny0o1vG3uoNsS0e1v/2aprfFL/TNDo13jZM+sFTzW1YVjZMNi+vvulKw8ba6
	U0D9Fj5Byq+nOTYzCYKkcNm+jdvuYyO3AHTSchJsPVnGMggZqZCUOpK4l+EqD8HW
	LxTGN4uoJSbs6CnJtIs/NXTyNQ4=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:message-id:to:subject
	:in-reply-to:references:mime-version:content-type
	:content-transfer-encoding; s=default; bh=YD3dRDntGZE66zdGIw6CaZ
	AzKHI=; b=ReQBQ7LjvyFJzsjBEGuSsVH4Sw9vs8sWbYpflmJy0L5Xh8hO/mzYap
	Ma6PzbULDMSbcqmbYxd4kHK+EiOrOTa/nUa8vkbpshUwYL+fXlb/OI7UpZ2rFzS0
	pidExEHayqyGWDMLjsjizBC/SqgPoM93/C05G4jmph4DJg86wHI00=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=4.2 required=5.0 tests=AWL,BAYES_50,FREEMAIL_FROM,KAM_THEBAT,SPF_SOFTFAIL autolearn=no version=3.3.2
X-HELO: smtp.ht-systems.ru
Date: Fri, 25 Sep 2015 11:22:19 +0300
From: Andrey Repin <anrdaemon@yandex.ru>
Reply-To: cygwin@cygwin.com
Message-ID: <772221980.20150925112219@yandex.ru>
To: Linda Walsh <cygwin@tlinx.org>, cygwin@cygwin.com
Subject: Re: cygwin potentially corrupting permissions?
In-Reply-To: <5604B7D7.9080704@tlinx.org>
References: <CAGpXXZKUQtAbrQ80VDHZhy0aZtzG+5fDB7bcYz-kwQ3Kgx6ueQ@mail.gmail.com>       <560366EE.5020207@tlinx.org>    <CAGpXXZJeWs33BJi7qROduZEhTx1pXXXseTbfXu+QP8+cf_r5hQ@mail.gmail.com>   <466149660.20150924213756@yandex.ru> <56044E61.6060202@tlinx.org>  <1228432255.20150925044648@yandex.ru> <5604B7D7.9080704@tlinx.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes

Greetings, Linda Walsh!

> Andrey Repin wrote:
>> Obscurity has no relation to security.
>> Oh, and these both are disabled on my systems.
>> 
>>> If you read windows 'rules', you'd know that... (so many rules
>>> to read...really hard for someone to keep up)...
>> 
>> There's no such rules as "rename default accounts".
>> It makes no sense and bears no reason.
> ---
>         Security best practices :

> See "https://technet.microsoft.com/en-us/library/cc747353%28v=ws.10%29.aspx"
> and "https://technet.microsoft.com/en-us/library/jj852273.aspx"

Bullshit. Both of them.
You may "guess this user name and password combination" of a disabled account
to your heart's content. It'll won't do square shit.
The only times where you use the default administrator account is when you
run domain recovery script from recovery console. And recovery console does
not use the account name, neither check for status. It only ask for password.
Solution: Ban default accounts and let attackers try their luck.

@Greg Freemyer: An "army in the world" does not have passwords and firewalls.
That's the only reason they are trying to rely on obscurity. Doesn't quite
work, as attacker could just carpet bomb the target positions.


-- 
With best regards,
Andrey Repin
Friday, September 25, 2015 11:14:20

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple