Adecvax.187 net.followup utcsrgv!utzoo!decvax!aps Wed Mar 10 19:36:39 1982 On telling people ont to crack security I think that watmath!idallen has hit the nail on the head and would like to explain further, possibly justify why I sent the whole to the net. If I were running a system, I would not encourage people to spend time trying to break the system but would certainly want to know if and how it were/could be done so that I could take steps to fix that whole. (It should be pointed out that one of the methods employed by various government agencies (including the military) to ensure security is to have a group of people whose function is to do nothing but try and "break in" to various installations, whether they be computer systems or secure military installations. Although these exercises are used to keep security forces on their guard, it also serves to find and patch wholes.) I would like to know what better place other than a university environment, to play/hack around and find wholes. For one thing, that exorcise provides one method of learning about systems (good training for future computer "professionals"!). For another, this is one environment where a company will not fold because someone "broke" the system. I put onto the net, the whole (as I knew it) because it should be understood by all who use systems (not only UNIX!). A lack of understanding is what has lead the media, and certain "computer security experts", to say that this is a large whole in UNIX. A clear understanding of what the situation is can lead to a way of dealing with it (patching the whole). I think this was the intent of the paper by Ritchie entitled "On the Security of Unix"; know the problem, then you can deal with it. If you enforce a "police state" working environment, you will, as IAN suggested, you will encourage an "Underground". By the way, I wish someone would set the media straight with respect to the fact that this situation is not directly related to the operating system that is running on the host; but rather a "mis- use of a feature". Oh yes, UNIX is not a DEC product. Armando Stettner DEC UEG ----------------------------------------------------------------- gopher://quux.org/ conversion by John Goerzen of http://communication.ucsd.edu/A-News/ This Usenet Oldnews Archive article may be copied and distributed freely, provided: 1. There is no money collected for the text(s) of the articles. 2. The following notice remains appended to each copy: The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996 Bruce Jones, Henry Spencer, David Wiseman.