Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!fernwood!portal!cup.portal.com!ts
From: ts@cup.portal.com (Tim W Smith)
Newsgroups: comp.org.eff.talk
Subject: Re: Software vendor liability/culpability
Message-ID: <43086@cup.portal.com>
Date: 8 Jun 91 11:57:08 GMT
References: <1991May31.073704.4847@elroy.jpl.nasa.gov> <1991Jun05.183044.29147@ddsw1.MCS.COM>
Organization: The Portal System (TM)
Lines: 13

1) What were unencrypted passwords doing on the network?

2) Could the vendor of the network software that unprotected the /dev node argue that on a system with properly designed security, such a lack of protection would cause no problems, and so the fault lies with either the designers of the operating system's network code, because they blew the security design, or the people who selected that operating system for this installation, because they selected a system without making sure it had a good security system.

In other words, on a properly designed system, the network software would not have caused any damage by making the /dev file readable, so it is not their fault.

Tim Smith