Xref: utzoo alt.comp.acad-freedom.talk:54 comp.admin.policy:263
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!think.com!spool.mu.edu!uunet!lll-winken!iggy.GW.Vitalink.COM!widener!netnews.upenn.edu!pender.ee.upenn.edu!chip
From: chip@pender.ee.upenn.edu (Charles H. Buchholtz)
Newsgroups: alt.comp.acad-freedom.talk,comp.admin.policy
Subject: Re: Ohio State University CIS Policies
Message-ID: <44147@netnews.upenn.edu>
Date: 4 Jun 91 21:02:41 GMT
Article-I.D.: netnews.44147
References: <1991Jun3.165946.12637@eff.org> <1991Jun3.173550.13928@eff.org> <1991Jun3.232500.24850@ms.uky.edu> <1991Jun4.004016.20415@eff.org>
Sender: news@netnews.upenn.edu
Reply-To: chip@pender.ee.upenn.edu (Charles H. Buchholtz)
Followup-To: alt.comp.acad-freedom.talk
Organization: University of Pennsylvania
Lines: 36
Nntp-Posting-Host: pender.ee.upenn.edu

In article aej@manyjars.WPI.EDU (Allan E Johannesen) writes:
>>>>>> On 4 Jun 91 00:40:16 GMT, kadie@eff.org (Carl Kadie) said:
>
>kadie> A student at Ohio State student tells me that users there are
>kadie> also locked out (denied access to their computer account) when
>kadie> they are wanted for a meeting. The difference is they are given
>kadie> no notice before the lock out.
>
>Golly. There could be _no_ genuine reason for this, could there?

We do this when we have reason to believe that someone has broken into
an account and is using it without the owner's permission. We change
the shell on the account so that it simply displays a message asking
the person to come to our office.

When they arrive, we ask them if the activities were authorized by
them or not.

If they say, "yes I did that", then we unlock the account and deal
with whatever they did. If the action was not in violation of any
other restrictions, we simply apologize for the inconvenience.

If they say that they authorized someone to use their account, then
we give them the lecture on "account sharing" and unlock the account.

If they say that they don't know what we're talking about, then we
unlock the account, make sure that they change the password, scan the
account for back doors or other security holes, and try to determine
how the account was cracked.

We couldn't think of any other reasonable response to take when we
have good reason to believe that an account has been cracked.
Certainly, leaving it open and sending mail is not appropriate under
those circumstances.

Charles H. Buchholtz
chip@ee.upenn.edu
Systems Programmer
Engineering & Applied Science
University of Pennsylvania.
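
The lock and unlock steps described in the post above, sketched as an added example; it is not part of the original post and not the poster's actual tooling. It assumes a hypothetical notice program path (`NOTICE_SHELL`) and a hypothetical state file that remembers each locked user's original shell, and it edits a passwd-format file given as an argument rather than the live `/etc/passwd`.

```shell
#!/bin/sh
# Added example. Works on a passwd-format FILE passed as an argument, never /etc/passwd.
# NOTICE_SHELL is a hypothetical program that prints "please come to our office" and exits.
NOTICE_SHELL=${NOTICE_SHELL:-/usr/local/sbin/see-sysadmin}

# shell_of FILE USER: print USER's login shell (field 7); fail if USER is absent.
shell_of() {
    awk -F: -v u="$2" '$1 == u { print ($7 == "" ? "/bin/sh" : $7); f = 1 } END { exit !f }' "$1"
}

# set_shell FILE USER SHELL: rewrite only USER's shell field, keeping the file's mode.
set_shell() {
    tmp=$(mktemp) || return 1
    awk -F: -v OFS=: -v u="$2" -v s="$3" '$1 == u { $7 = s } { print }' "$1" > "$tmp" &&
        cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# lock_account FILE STATE USER: save the current shell in STATE, then install the notice.
lock_account() {
    old=$(shell_of "$1" "$3") || { echo "no such user: $3" >&2; return 1; }
    # Already locked: keep the saved shell instead of overwriting it with the notice.
    if [ "$old" = "$NOTICE_SHELL" ]; then return 0; fi
    printf '%s:%s\n' "$3" "$old" >> "$2"
    set_shell "$1" "$3" "$NOTICE_SHELL"
}

# unlock_account FILE STATE USER: restore the saved shell and drop the STATE record.
unlock_account() {
    old=$(awk -F: -v u="$3" '$1 == u { s = $2 } END { print s }' "$2")
    [ -n "$old" ] || { echo "no saved shell for: $3" >&2; return 1; }
    set_shell "$1" "$3" "$old" || return 1
    rest=$(awk -F: -v u="$3" '$1 != u' "$2")
    if [ -n "$rest" ]; then printf '%s\n' "$rest" > "$2"; else : > "$2"; fi
}

# demo: constructed sample accounts in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'alice:x:1001:100:Alice:/home/alice:/bin/csh' \
                  'bob:x:1002:100:Bob:/home/bob:/bin/sh' > "$d/passwd"
    : > "$d/state"
    lock_account "$d/passwd" "$d/state" alice && shell_of "$d/passwd" alice
    unlock_account "$d/passwd" "$d/state" alice && shell_of "$d/passwd" alice
    rm -rf "$d"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Saving the original shell before the swap is what lets the unlock step return the account to exactly its prior state, and the already-locked check keeps a second lock from recording the notice program as the shell to restore.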