Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!elroy.jpl.nasa.gov!news.larc.nasa.gov!grissom.larc.nasa.gov!kludge
From: kludge@grissom.larc.nasa.gov ( Scott Dorsey)
Newsgroups: comp.protocols.appletalk
Subject: Re: Watch, peeking, and security threats
Message-ID: <1991May21.140552.18933@news.larc.nasa.gov>
Date: 21 May 91 14:05:52 GMT
References: <9105160430.AA04272@eclectic.com> <1991May16.142436.15468@news.larc.nasa.gov> <2838265E.2EE6@tct.com>
Sender: news@news.larc.nasa.gov (USENET Network News)
Reply-To: kludge@grissom.larc.nasa.gov ( Scott Dorsey)
Organization: NASA Langley Research Center
Lines: 15

In article <2838265E.2EE6@tct.com> chip@tct.com (Chip Salzenberg) writes:
>According to kludge@grissom.larc.nasa.gov ( Scott Dorsey):
>>   While much of it is indeed the fault of the protocol, a good deal of blame
>>should be laid on an operating system which permits any user running any
>>program to access any device in any way.
>
>This objection is naive.  If the authentication is in the OS, then I
>walk up to a Mac with my own hacked OS on a floppy, and boot from the
>floppy.  Presto.

   Yes, but without authentication in the OS it's perfectly possible for
you to walk up to a Mac and install your (subtly altered to do evil things)
copy of the OS on it.  Both an improved authentication protocol and 
improved operating system protections are required
--scott