Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!cs.utexas.edu!uunet!wpg!russ From: russ@wpg.com (Russell Lawrence) Newsgroups: comp.sources.d Subject: Re: "cops" and robbers Summary: Let's start a new mailing list. Message-ID: <2258@wpg.com> Date: 8 Apr 90 04:39:57 GMT References: <16900@well.sf.ca.us> <1990Mar29.055350.2922@Jhereg.Minnetech.MN.ORG> <1110@rwing.UUCP> Organization: WP Group, POB 306, Metairie, LA 70004 Lines: 46 In article <1110@rwing.UUCP>, pat@rwing.UUCP (Pat Myrto) writes: > Naturally, with rwing currently in the 'podunk' category I have > not been included on any of these mailing lists - like I said > earlier, not even given courtesy of a reply to my queries - my > knowlege is thus limited to the basics, and what I picked up from > text books, etc. as described above. I share your lament. Shortly after the Morris incident, I got about a dozen calls from business people who wanted me to beef up their systems security. Being ignorant of the potential holes, I found myself unable to provide any real assistance. As a result of their unassuaged fears, all of these sites have repeatedly declined netnews and email connections that would have greatly benefited the unix community in our area from the standpoint of jobs, machine sales, information exchange, etc. In a recent issue of the journal of the American Trial Lawyers Association, the president of that organization pointed out that the praise of "secrecy" and "secret knowledge" is one of the major barriers to the progress of our society as a whole. The theory that secrecy or silence prevents problems from becoming worse has been used before in many fields of endeavor, politics, religion, health care, etc, and history has shown us that it doesn't work. The underlying psychology reminds me of a childish ego game. Oddly enough, the only serious criminal hacker I've ever known personally was a young man with university affiliations that gave him ready access to USG and BSD source. It pisses me off that this guy had access to information that is unavailable to me because of the lame brain notion that people at large sites have a greater need to know, or greater integrity. Let me suggest that we start a new security mailing list based on the premise that knowledge should be widely available. I'm sure we'll get enough subscribers and contributors to make the thing worth while. In addition, let's maintain an archive listing the "secret" security mailing lists and their administrators and make this list readily available to the press. If/when one of my client's machines is broken into, they may want to send sarcastic thank you notes to the Reverend Guardians of Esoteric Knowledge. -- Russell Lawrence, WP Group, New Orleans (504) 443-5000 russ@wpg.com uunet!wpg!russ