Crackers and Worms


Jim Hutchison (net1!hutch@ucsd.edu)
7 Nov 88 06:01:10 GMT


Unix is not a "secure" system. No system attached to a network is
entirely secure. Valid and illicit network transactions can be
identical. A casual shell expansion here, a little flexibility in
input for a mailer there, ... the system not designed to stop intruders
lets them in. For security, put the machine in a red Tempest can and
seal it up tight. Or looked at in another light, more damage could
have been done with a modem and 10 popular women's names!

The type of hole through which a recent Deutschlander climbed, still
exists. The casual hole. A broken piece of software that did not
get updated, or came back from a backup when the controller scrawled
wild accusations across the system partition. Human error is real,
it can not be ignored. Most importantly, it will happen to you.

Locks are for children and honest people. It is nice to know that
there are "locks" on the doors of the system. I don't go out cracking
security, I'm simply not interested. Almost anyone *can* crack
security. BSD security is not particularly more ventilated than SysVr*,
or VMS. Software has bugs. Get it. If it fails to deliver a letter,
or lets in "the man with no name", it's still just a bug.

Hopefully this article has not fed any hysteria.

/* Jim Hutchison UUCP: {dcdwest,ucbvax}!cs!net1!hutch
                                ARPA: JHutchison@ucsd.edu
     These are my opinions, and now you have your perceptions of them. */


