Re: My Broadcast


Robert Allen (robert@spam.istc.sri.com)
Mon, 06 Apr 87 11:09:55 -0800


>> ..... we must
>> entrust our systems and data to a open-ended set of youthful
>> hackers (the current term is "gurus") who have mastered the
>> arcane knowledge.

        Only because these 'youthful hackers' are the only ones
        willing (or having the time) to look for the problems
        they discover.
>>
>> ....
>>
>> Knowledge is power, and it properly belongs in the hands of
>> system administrators and system programmers. It should NOT be
>> the exclusive province of "gurus" who have a vested interest in
>> keeping such details secret.

        Mark,

        I agree that system administators should have the know-how
        to protect their systems. However I have not seen the
        concerted effort of gurus to keep security problems
        secret from the administors. Rather I have seen administrators
        keeping such holes secret from the users, and then complaining
        when the users discover and use them.

>>
>> -- Mark --
>>
>> PS: Crispin's definition of a "somewhat secure operating system":
>> A "somewhat secure operating system" is one that, given an
>> intelligent system management that does not commit a blunder that
>> compromises security, would withstand an attack by one of its
>> architects for at least an hour.

        ...except for the case where one has physical access to
        the hardware.

Robert Allen,
robert@spam.istc.sri.com

Disclaimer: I am not a guru, and I don't advocate breakins, but if a
            feature is there (such as telnet port 25), and is used,
            I think that the administrators should share responsibility
            with the user for any problems that result.



This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:38:06 GMT