At 10:36 PM 1/19/95 +0000, Karl Strickland wrote: >> I got CRACKERJACK, and once I did, I did not give it to the original >> requester, rather to our security people for a tool for them. Too >> dangerous, I can't trust that person to restrict who gets it. > >What exactly does this mean? If you get CRACKERJACK, you will see how skilled it can be at obtaining UNIX system passwords. In any organization, there tend to be key systems with some bad passwords. An angry employee or contractor in a momentary fit or rage might do something ill-considered with such a tool. Such things do happen. Thus if they have to work at getting the tool, they might cool off. Anyone that really wants to do damage can always do that, even without such a tool. The person that asked for CRACK is netorious at showing off what she can do. Been doing it here for 8 years. In this person's hands, CRACKERJACK would be all over the company in maybe a month. Now some might argue that this is good, as it will force everyone to clean up their passwords. This is like the disclouser arguement. It turns out that our UNIX heavies are getting the security religion and system holes are being closed. Rushing it would be nice, but then the job will get done sloppily. Robert Moskowitz Chrysler Corporation (810) 758-8212