Xref: utzoo comp.sys.dec:1406 comp.os.vms:15254
Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!tut.cis.ohio-state.edu!ucbvax!decwrl!shlump.dec.com!shodha.dec.com!devine
From: devine@shodha.dec.com (Bob Devine)
Newsgroups: comp.sys.dec,comp.os.vms
Subject: Re: "UNWELCOME.TXT" - a better WELCOME message (and dynamic!)
Message-ID: <224@shodha.dec.com>
Date: 15 Jun 89 17:34:02 GMT
References: <452@marque.mu.edu> <2270@faline.bellcore.com>
Followup-To: comp.sys.dec
Distribution: usa
Organization: Digital Equipment Corp. - Colorado Springs, CO.
Lines: 16

In article <452@marque.mu.edu> kcb@marque.UUCP (Kent Brodie) writes:
> one of the largest security "holes", as it were, is the fact that the
> default "welcome" message on VAX/VMS systems is just that-- it WELCOMES
> the user to the system.  In the case of an unauthorized access to your
> precious system, the existance of this message can cause ALL SORTS of
> legal headaches, depending on your state/local laws.

  NOTE: There has been no legal finding that having a welcome message
constitutes an invitation to system cracking.  However, if you are
taking other steps to prevent a cracker's entry (eg call-back modems,
proper password management) then you *might* be on a firmer legal
standing if your login message gave warning about illegal use.  One
sleazy lawyer did advance that argument in a case but the judge's
ruling did not include it in the decision.

Bob Devine