Newsgroups: comp.org.eff.talk
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!think.com!barmar
From: barmar@think.com (Barry Margolin)
Subject: Re: Software vendor liability/culpability
Message-ID: <1991Jun9.143317.25764@Think.COM>
Sender: news@Think.COM
Reply-To: barmar@think.com
Organization: Thinking Machines Corporation, Cambridge MA, USA
References: <1991May31.073704.4847@elroy.jpl.nasa.gov> <1991Jun05.183044.29147@ddsw1.MCS.COM> <43086@cup.portal.com>
Date: Sun, 9 Jun 91 14:33:17 GMT
Lines: 25

In article <43086@cup.portal.com> ts@cup.portal.com (Tim W Smith) writes:
>1) What were unencrypted passwords doing on the network?

The currently standard remote login and file transfer programs do not have
any other authentication mechanisms besides passwords.  And it doesn't
matter whether they are encrypted or not -- encrypted passwords can be
captured and played back just as easily as plaintext.  You need a system
like Kerberos, or a one-time code (we use a system from Security Dynamics
that depends on a smartcard), to get around this problem.

>2) Could the vendor of the network software that unprotected the /dev
>node argue that on a system with properly designed security, such a lack
>of protection would cause no problems

Not likely.  If the security of the system is dependent upon correct
protection on certain devices, and the network software intentionally
changes this protection, it is clearly disabling the security.  The system
was reasonably secure when operated according to the instructions, but
this software violates those instructions.
--
Barry Margolin, Thinking Machines Corp.

barmar@think.com
{uunet,harvard}!think!barmar
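The replay point Margolin makes above (a password that is transformed the same way on every login can be recorded off the wire and sent again, whether or not it is "encrypted") is easy to show in code. The following is an added illustration, not code from the original post, from Thinking Machines, or from Kerberos or the Security Dynamics product he mentions: a static-token login and a nonce-based challenge-response login are each attacked by a passive eavesdropper who records one successful exchange and replays it. The user store, password and the choice of SHA-256/HMAC are constructed for the example; the principle is what matters, not those specifics.

```python
"""
Added example: why a fixed login token (plaintext or a fixed hash of the
password) can be replayed, and why binding the response to a fresh server
nonce defeats the replay.  Illustrative only; this is not Kerberos and not
the Security Dynamics one-time-code system referred to in the thread.
"""
import hashlib
import hmac
import secrets

# Constructed sample credential store: user -> password.  A real server
# would hold a derived verifier rather than the password itself; the bare
# password keeps the example short.
USERS = {"alice": "correct horse battery staple"}


def static_token(password: str) -> bytes:
    """The 'encrypted password' of the old remote-login protocols: a fixed
    transform of the password that is identical on every login, so a
    sniffer only has to record it once."""
    return hashlib.sha256(password.encode()).digest()


def verify_static(user: str, token: bytes) -> bool:
    """Server side of the replayable protocol: compare the received token
    against the token the stored password produces."""
    pw = USERS.get(user)
    return pw is not None and hmac.compare_digest(static_token(pw), token)


def compute_response(password: str, nonce: bytes) -> bytes:
    """Client side of challenge-response: key an HMAC with the password and
    authenticate the server's nonce.  The password never crosses the wire
    and the response differs on every login."""
    return hmac.new(password.encode(), nonce, hashlib.sha256).digest()


class ChallengeResponseServer:
    """Server side of nonce-based challenge-response.  Every login attempt
    gets a fresh random nonce; a response is valid only for the nonce that
    was issued, and the nonce is consumed when it is checked."""

    def __init__(self) -> None:
        self._pending: dict[str, bytes] = {}  # user -> outstanding nonce

    def challenge(self, user: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[user] = nonce
        return nonce

    def verify(self, user: str, response: bytes) -> bool:
        nonce = self._pending.pop(user, None)  # one use only
        pw = USERS.get(user)
        if nonce is None or pw is None:
            return False
        return hmac.compare_digest(compute_response(pw, nonce), response)


def replay_static_token() -> tuple:
    """Eavesdropper records alice's static token and replays it.
    Returns (legitimate_login_ok, replayed_login_ok)."""
    wire = static_token(USERS["alice"])   # what alice sends
    captured = bytes(wire)                # what the sniffer recorded
    first = verify_static("alice", wire)
    replay = verify_static("alice", captured)
    return first, replay


def replay_challenge_response() -> tuple:
    """Same eavesdropper against challenge-response.
    Returns (legitimate_login_ok, replayed_login_ok)."""
    server = ChallengeResponseServer()
    nonce = server.challenge("alice")
    wire = compute_response(USERS["alice"], nonce)
    captured = bytes(wire)
    first = server.verify("alice", wire)
    # The attacker opens a new session.  The server issues a new nonce, so
    # the recorded response no longer matches anything it expects.
    server.challenge("alice")
    replay = server.verify("alice", captured)
    return first, replay


if __name__ == "__main__":
    print("static token      (legit, replay):", replay_static_token())
    print("challenge-response (legit, replay):", replay_challenge_response())
```

The static scheme returns (True, True): the replay is indistinguishable from the real login, which is Margolin's point about "encrypted" passwords. The challenge-response scheme returns (True, False). Note that a challenge-response still lets an attacker who has the recorded exchange mount an offline guessing attack on the password, which is one reason the one-time-code devices and Kerberos tickets he mentions are preferable to a plain password-keyed response.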