Adecvax.187
net.followup
utcsrgv!utzoo!decvax!aps
Wed Mar 10 19:36:39 1982
On telling people not to crack security
I think that watmath!idallen has hit the nail on the head and would
like to explain further, possibly justify why I sent the hole to the
net.

If I were running a system, I would not encourage people to spend time
trying to break the system but would certainly want to know if and how
it were/could be done so that I could take steps to fix that hole.
(It should be pointed out that one of the methods employed by various
government agencies (including the military) to ensure security is to
have a group of people whose function is to do nothing but try and
"break in" to various installations, whether they be computer systems
or secure military installations.  Although these exercises are used
to keep security forces on their guard, they also serve to find and
patch holes.)  I would like to know what better place other than a
university environment, to play/hack around and find holes.  For one
thing, that exercise provides one method of learning about systems
(good training for future computer "professionals"!).  For another,
this is one environment where a company will not fold because someone
"broke" the system.

I put onto the net, the hole (as I knew it) because it should be
understood by all who use systems (not only UNIX!).  A lack of
understanding is what has led the media, and certain "computer
security experts", to say that this is a large hole in UNIX.  A
clear understanding of what the situation is can lead to a way
of dealing with it (patching the hole).  I think this was the
intent of the paper by Ritchie entitled "On the Security of Unix";
know the problem, then you can deal with it.

If you enforce a "police state" working environment, you will,
as IAN suggested, encourage an "Underground".

By the way, I wish someone would set the media straight with respect
to the fact that this situation is not directly related to the
operating system that is running on the host; but rather a
"misuse of a feature".

Oh yes, UNIX is not a DEC product.

       Armando Stettner
       DEC UEG

-----------------------------------------------------------------
gopher://quux.org/ conversion by John Goerzen <[email protected]>
of http://communication.ucsd.edu/A-News/


This Usenet Oldnews Archive
article may be copied and distributed freely, provided:

1. There is no money collected for the text(s) of the articles.

2. The following notice remains appended to each copy:

The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996
Bruce Jones, Henry Spencer, David Wiseman.