Sunday, 5 April 1987 11:57:12 EST
Encouraging people to find holes and then use them to make the local system
programmers work on them is wrong. It is like encouraging people to find out
if their neighbors lock their door during the day so they will. Do you really
want that or do you want the theives to be caught? I want the theives to be
caught and the ability to leave my door open. I don't want to fear my
neighborhood or my users.
I could spend many man years working on Unix security alone. The same is
TRUE with TOPS-20. The worst is when you fix a security problem and some
yo-yo finds out about it and then attacks some other remote site. The remote
site gets pissed and says it can not afford to fix it....would you please
deal with the yo-yo.
This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:37:47 GMT