Xref: utzoo news.admin:4146 comp.mail.uucp:2431
Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!nrl-cmf!ames!killer!convex!uunet!pilchuck!ssc!fyl
From: fyl@ssc.UUCP (Phil Hughes)
Newsgroups: news.admin,comp.mail.uucp
Subject: Re: How safe is UUCP?
Summary: Here is something worse
Message-ID: <1555@ssc.UUCP>
Date: 1 Dec 88 18:51:54 GMT
References: <4950@b-tech.ann-arbor.mi.us> <811@mailrus.cc.umich.edu>
Organization: SSC, Inc., Seattle, WA
Lines: 18

Just to put our fears in perspective, I learned the following while
teaching a UNIX seminar earlier this week:

Some vendor (I don't know their name) markets a software package for
hospitals that runs under UNIX. The vendor requires that you have
dial-in access to your system available to them and that you give them
root access. If this isn't bad enough, they require that you use a
root password that they specify. It turns out that they actually
require all of their customers use the same root password so that they
won't have to remember the specific one for your system.

I think I convinced my student to quit her job as the systems
administrator if her boss doesn't let her change their root password,
but apparently there are a hundred hospitals all over the US with the
same root password and dial-in access available.

--
Phil Hughes, SSC, Inc. P.O. Box 55549, Seattle, WA 98155 (206)FOR-UNIX
uw-beaver!tikal!ssc!fyl or uunet!pilchuck!ssc!fyl or attmail!ssc!fyl