Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!sdd.hp.com!uakari.primate.wisc.edu!aplcen!boingo.med.jhu.edu!haven.umd.edu!uvaarpa!murdoch!astsun7.astro.Virginia.EDU!gl8f
From: gl8f@astsun7.astro.Virginia.EDU (Greg Lindahl)
Newsgroups: comp.org.eff.talk
Subject: Re: Should we let students run COPS to get each other's passwords?
Message-ID: <1991Jun12.211143.18803@murdoch.acc.Virginia.EDU>
Date: 12 Jun 91 21:11:43 GMT
References: <1991Jun12.055211.24457@murdoch.acc.Virginia.EDU> <1991Jun12.140419.28896@athena.cs.uga.edu> <1991Jun12.141657.29238@athena.cs.uga.edu>
Sender: usenet@murdoch.acc.Virginia.EDU
Organization: Department of Astronomy, University of Virginia
Lines: 19

In article <1991Jun12.141657.29238@athena.cs.uga.edu> mcovingt@athena.cs.uga.edu (Michael A. Covington) writes:

>A few people here have been advocating the strange idea that UNIX users
>have a moral right to obtain each other's passwords using COPS. I have a few
>responses...

I'd like to point out that this isn't my point at all; rather, I've
been trying to say that the illegal act here is breaking into a
system. Mr. Covington seems to have lost sight of this.

I've also been saying that a responsible sysadmin should close obvious
holes. Mister Covington seems to think this is a blame-the-victim
mentality. I think it's good professional practice. Sysadmins should
expect that users need to be educated about proper security
procedures; any sysadmin that doesn't should be fired no matter
whether a break-in is detected or not.

I never claimed that lax procedures justify a break-in. I don't think
they do. End of story.