Aucbcory.222
net.followup
utcsrgv!utzoo!decvax!ucbvax!ARPAVAX:CAD:ESVAX:Cory:c153-3ad
Wed Mar 10 14:17:58 1982
Universities and Security
Presumably the San Francisco Examiner would instruct all CS professors
to instruct their students to stop all behavior oriented towards break-
ing security.  Well,

       [1]  As long as computers run reasonably powerful operating
            systems, security holes will exist.

       [2]  Many such holes cannot be fixed until thy are found by
            users in the field.

       [3]  Someone, somewhere, will always be trying to find these
            holes.

Hence, it's much better to find holes on systems without real money
(i.e., bank systems) like University computers then to wait for some
particular hole to be found by an embezzler.  The (re)discovery of
the Block Retransmit hole actually ENHANCES computer security.

The counter-argument, that if "students don't find these holes, nobody
will", sounds like the "if we pass gun control laws, criminals will
voluntarily turn in their guns" line to me:  hopelessly naive.

                               Michael Chastain

-----------------------------------------------------------------
gopher://quux.org/ conversion by John Goerzen <[email protected]>
of http://communication.ucsd.edu/A-News/


This Usenet Oldnews Archive
article may be copied and distributed freely, provided:

1. There is no money collected for the text(s) of the articles.

2. The following notice remains appended to each copy:

The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996
Bruce Jones, Henry Spencer, David Wiseman.

You are viewing proxied material from gopher.quux.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.