Aucbarpa.982
net.followup
utcsrgv!utzoo!decvax!ucbvax!ARPAVAX:arnold
Thu Mar 11 15:50:50 1982
Security and user environments
The greatest advance in security here at Berkeley (and what led to
the fact that the security bug "discovered" here wasn't exploited (much))
had nothing to do with software, but with the attitude of the persons
involved in running the system here.  I will elaborate, but names will
be left out.

The last system manager we had for our main undergraduate computer
acted in a paranoid fashion.  He used more resources adding snooping
frobs into the system and using them than in improving the system.
During this time, of course, there was an underground, and several
people broke into the system.  Most of the use wasn't malicious,
however, but only a few holes were patched by the system people.

After he left to form his own UNIX consulting firm, the person who
took over followed a different tack.  He co-opted several of the
more promising hackers into doing system work, was open and friendly,
didn't spend time and resources snooping around (well, hardly any).
Now, the most common thing to happen when a user finds a security
problem is to \report/ it to him or one of the co-opted hackers.
The bug gets fixed, and we all live happily ever after.  Of course,
there are still people bent on destructive hole searching and
abusing, but persons of essentially good nature who stumble on
or search holes out are much more likely to help them get fixed.

Moral?  Treat your users like friends, not enemies.
               Ken

-----------------------------------------------------------------
gopher://quux.org/ conversion by John Goerzen <[email protected]>
of http://communication.ucsd.edu/A-News/


This Usenet Oldnews Archive
article may be copied and distributed freely, provided:

1. There is no money collected for the text(s) of the articles.

2. The following notice remains appended to each copy:

The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996
Bruce Jones, Henry Spencer, David Wiseman.