Xref: utzoo news.admin:4146 comp.mail.uucp:2431
Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!nrl-cmf!ames!killer!convex!uunet!pilchuck!ssc!fyl
From: fyl@ssc.UUCP (Phil Hughes)
Newsgroups: news.admin,comp.mail.uucp
Subject: Re: How safe is UUCP?
Summary: Here is something worse
Message-ID: <1555@ssc.UUCP>
Date: 1 Dec 88 18:51:54 GMT
References: <4950@b-tech.ann-arbor.mi.us> <811@mailrus.cc.umich.edu>
Organization: SSC, Inc., Seattle, WA
Lines: 18

Just to put our fears in perspective I learned the following while
teaching a UNIX seminar earlier this week:

Some vendor (I don't know their name) markets a software package for
hospitals that runs under UNIX.  The vendor requires that you have dial-in
access to your system available to them and that you give them root access.
If this isn't bad enough, they require that you use a root password that
they specify.  It turns out that they actually require all of their
customers use the same root password so that they won't have to remember
the specific one for your system.

I think I convinced my student to quit her job as the systems
administrator if her boss doesn't let her change their root password but
apparently there are a hundred hospitals all over the US with the same
root password and dial-in access available.  
-- 
Phil Hughes, SSC, Inc. P.O. Box 55549, Seattle, WA 98155  (206)FOR-UNIX
    uw-beaver!tikal!ssc!fyl or uunet!pilchuck!ssc!fyl or attmail!ssc!fyl