security
Easy Way to Enable ESXi SSH on vSphere 4.1
It seems that VMware became aware that just about everyone has been logging into their ESXi boxes and enabling SSH access. So for the 4.1 release of ESXi, it is easy to enable the feature from within the vSphere client. Here's how.
Desktop Lockdown?
I'm using a locked-down desktop at a client site at the moment. They have done a good job. I can't change any of the properties of the system, and I can only see limited views in Windows Explorer. I can't even run cmd.exe. But they have forgotten one dangerous thing: command.com. It's the 16-bit version of cmd.exe and lives in the system32 folder. This shell isn't tied down by group policy because it just doesn't understand these restrictions. From this shell, I can run telnet, tftp and all sorts of other useful tools. History - it's always there in the background.
RSA 7.1 Bites Me Again
I've got a pile of work to do with RSA coming up over the next six weeks. I'll be pretty much living and breathing the product in a project that will probably take me to Berlin, New York and London. It's an upgrade project so I thought I'd set up a sample environment and work through the process (yet again) as a bit of a practice. Any regular readers would know that I have fought with RSA 7.1 before. And I'm fighting it again today.
Resetting a Nokia Password
It is prescient that I was about to post the following, another one of my old blog entries, when I received a Skype message from a client who has lost the password to a Nokia. The password reset procedure requires local console access, so is secured by the usual physical access protections that should be applied to all comms rooms.
Remember that the following was originally written in 1999 and has been updated only a little bit for this blog. How many other IT manufacturers can reference consistency over ten years? Anyway...
How to Securely Fire Your Security Guy
Today, I had the dubious pleasure of attending a client site to tidy up, change passwords and deny access for a guy who has just been fired. They had clearly decided a few weeks ago that he was going to be fired if he didn't improve. I've worked alongside him before and I can see why he got the boot. He meant well, but the spark wasn't there. They knew he'd be angry and obviously thought that he would become the fabled 'disgruntled employee' of many a security white-paper.




