Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!think.com!hsdndev!cmcl2!adm!news From: robjohn@logdis1.oc.aflc.af.mil (CDC Contractor Bob Johnson;SCSS;) Newsgroups: comp.unix.wizards Subject: Open Access to Security Info Message-ID: <27107@adm.brl.mil> Date: 4 Jun 91 13:45:51 GMT Sender: news@adm.brl.mil Lines: 29 Ok, enuf already! I've paged through (seemingly) megabytes of information, blathering, lambasting, bickering, obscenity, arguing, and pontificating about a certain tty security hole. If you're not smart enough to figure it out by now from the clues, then you shouldn't be jumping up and down on this list. If you don't have time, then welcome to the world of "having a real job". There is a large body of system administrators (myself included) who just don't have the time to mess with finding a hole they don't have the source code to fix. What we need is a "bell for the cat" to know if someone is abusing the hole, and some common-sense "rules of thumb" to cut down on the opportunity for abuse. Unfortunately, this particular hole doesn't lend itself to monitoring very well. I could just as well spend my time worrying about being hit by a meteorite - it would do me about as much good. Now -- to the few who believe that the world has a right to any and all information about security holes, and who have knocked various "restricted" security lists... If you truly believe the world at large has the right to know - why not start your own "Security Issues" list and accept all comers? You can sign me up as the first person on the list. The way I see it, if a person is inclined to system cracking, they are going to find the holes one way or another. We might as well be privy to the same info. Why should only crooks have guns? Just be careful of the Computer Fraud and Abuse Act of 1987, which makes it a felony to tell someone how to crack a system ;-). But, more than anything (IMHO), if you're not willing to do something constructive, then..... QWITCHERBITCHIN! ------------------------------------------------------------------------------ Bob Johnson, Control Data Corporation (contractor to...) Tinker Air Force Base, Oklahoma robjohn@logdis1.oc.aflc.af.mil