Path: utzoo!attcan!telly!problem!compus!lethe!torsqnt!news-server.csri.toronto.edu!rutgers!netnews.upenn.edu!cs.widener.edu!news.cs.indiana.edu!julius.cs.uiuc.edu!wuarchive!udel!haven!mimsy!nmrdc1!dsc3rjs
From: dsc3rjs@nmrdc1.nmrdc.nnmc.navy.mil (Bob Stratton)
Newsgroups: comp.org.eff.talk
Subject: Re: "Computers at Risk"
Message-ID: <1990Dec14.232400.21488@nmrdc1.nmrdc.nnmc.navy.mil>
Date: 14 Dec 90 23:24:00 GMT
References:
Organization: Naval Medical Research & Development Command
Lines: 78

In article faustus@gargoyle.uchicago.edu (Kurt Ackermann) writes:
>
>My questions:
>
>1. Why are references to the US government written "Government"?

Probably because they referred specifically to one particular gov't (?)

>2. Who are the people on this panel, and are they a responsible
>   and competent representation of the computer-using community?

The list seemed to me to be partially representative, if a bit
"stratospheric".. NAS/NRC primarily exists as a mechanism to bring
together groups of experts in a field, for purposes of info. exchange,
or the creation of guidelines for research in a given field, as I
understand it. I would certainly like to see the academic computing
community better represented (perhaps even a little more on the
"techie" (other people's term) or "hacker" (my term) level).

>3. Should the EFF get involved in the development of the soon-to
>   be-created Information Security Foundation?

Probably, unless EFF members question the need/propriety of its
existence (as I do in the form delineated above).

>4. Has anyone read the report itself, or (even better) know
>   someone who was involved in the preparation of the report?

I'm getting a copy. I used to do contract computer support there, and
I very much want to talk to some of the people involved.

>5. Why is the "rogue program" that "stalled thousands of computers"
>   referred to as the "Internet incident"?

Good question - probably because it affected machines on the Internet,
as opposed to PC's on LANs, etc.

>6. Why is it the Defense Department that's doing all this stuff????

DoD was instrumental in providing the backbone for research in the
areas of protocols, etc. that were the genesis of TCP/IP and the
Internet as we currently know it.

>7. What is and has been the National Academy of Science's role in
>   the development of computer networks?

As an institution, not very significant as I see it. The NSF, on the
other hand, has had a big influence, both from a funding and research
standpoint, or is that redundant? :-)

>8. What exactly is a "nationwide computer" that was jammed by the
>   "rogue program" of the "Internet incident" fame?

Again, that refers to computers on the Internet, running TCP/IP /
sendmail / fingerd, that were "infected" by the RTM worm.

>9. What does journalist John Markoff know about computers?

Good question. Couldn't tell 'ya.

>10. What are your opinions????

I'm basically holding mine until I read the report in full, and talk
to its progenitors. I will say that I tend to distrust _any_
institution that claims to be the "be all and end all" of a given
aspect of information technology, be it "standards bodies", "industry
consortia", John McAfee's Computer Virus Industry Association, or
anyone else.

I especially tend to worry when people start deciding on access
controls for the rest of the community. I have witnessed all too often
the problems when some managerial type decides that a development
environment "needs more security". [note: this is not a slur on
management types in general, just those who are technically
incompetent -- RJS]

--
Bob Stratton            | dsc3rjs@nmdsc{20 | 10}.nmdsc.nnmc.navy.mil [Internet]
Stratton Systems Design | dsc3rjs@vmnmdsc.BITNET [BITNET only, please!]
                        | +1 703 823 MIND [PSTNet]