Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!asuvax!ncar!noao!arizona!armstron
From: armstron@cs.arizona.edu (Jim Armstrong)
Newsgroups: comp.mail.misc
Subject: Re: Forging Mail (was Re: Warning - stupid questi
Message-ID: <1465@caslon.cs.arizona.edu>
Date: 26 Apr 91 05:12:10 GMT
References: <1991Apr17.091032.12693@ux1.cso.uiuc.edu> <1991Apr17.100833.3982@athena.mit.edu> <5USA0YB@xds13.ferranti.com>
Organization: U of Arizona CS Dept, Tucson
Lines: 23

In article <5USA0YB@xds13.ferranti.com> peter@ficc.ferranti.com (Peter da Silva) writes:
>In article <1991Apr17.100833.3982@athena.mit.edu> jik@athena.mit.edu (Jonathan I. Kamens) writes:
>> it is a problem); I would find it a bit strange if we told every new user
>> here, "By the way, mail isn't secure!"
>
>Why?

Good question. Here's a better one: Since most sysadmins don't tell
their users that mail isn't secure, why do we find it surprising that
so many naive users fall for the tricks that have been described in
the recent CERT advisories?

1) messages from the sysadmin telling you to change your password
   to "systest001" for security reasons.

2) messages from bogus software companies urging you to try out their
   new game in /tmp/ttetris but noting that you will be asked to
   revalidate your password.

Anyone else think that educating the users just might possibly help
prevent a security abuse here and there?

--
Jim Armstrong             "The nonpayment and subsequent abuse of
armstron@cs.arizona.edu    socially powerless athletes is simply a
uunet!arizona!armstron     form of modern-day slavery" --Rick Telander