Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!think.com!redsox!campbell From: campbell@redsox.bsw.com (Larry Campbell) Newsgroups: comp.org.eff.talk Subject: Re: Should we let students run COPS to get each other's passwords? Message-ID: <1991Jun13.033953.16881@redsox.bsw.com> Date: 13 Jun 91 03:39:53 GMT References: <1991Jun12.055211.24457@murdoch.acc.Virginia.EDU> <1991Jun12.140419.28896@athena.cs.uga.edu> <1991Jun12.141657.29238@athena.cs.uga.edu> Reply-To: campbell@redsox.bsw.com (Larry Campbell) Organization: The Boston Software Works, Inc. Lines: 52 In article <1991Jun12.141657.29238@athena.cs.uga.edu> mcovingt@athena.cs.uga.edu (Michael A. Covington) writes: -A few people here have been advocating the strange idea that UNIX users -have a moral right to obtain each other's passwords using COPS. I have a few -responses... - -(1) Why is this any different from obtaining passwords by other forms of -snooping? Snooping without intrusion is not, and should not be, illegal. Would you outlaw telescopes? Police scanners? -(2) Are you saying "People with easy-to-guess passwords deserve to have their -accounts broken into"? Blame the victim, of course, folks! Do you say -the same thing about rape victims? Having my password obtained (not used, just obtained) *hardly* equates to being raped. And I don't think *anyone* here has advocated breaking into accounts -- simply guessing the password is *not* the same as breaking in! -(3) Do users of our computer have a basic civil right to run any software -they want to? Like maybe a program that writes to the disk until the disk -is full, deliberately crashing the machine? Or does the administration have -some right to control what the computer is used for? No, and no one said they did. Assuming the user has a right to a reasonable amount of CPU cycles and disk space, what they do with this -- in an academic environment -- should be pretty much up to them. If they want to try to crack passwords, fine! -Come back to earth, folks. Obtaining other users' passwords is an obvious -breach of security, regardless of how you do it. Wrong again. It is a *potential* breach of security. Look at it this way. Suppose the intelligent teenager next door uses his telescope to make close-up photographs of my house key while I'm using it. Suppose further that he digitizes the photographs, and using a desktop manufacturing setup (okay, he's a *rich* teenager) manages to produce a workable duplicate of my house key. I think Michael Covington would have him clapped in irons immediately. I, however, claim that he has done nothing illegal, or even immoral. The line would be crossed, though, if he tried to *use* the key (without my permission), or if he gave the key to someone else. There's entirely too much hysteria surrounding hacking -- it's beginning to sound a bit like the entirely specious War on Drugs -- and it sounds like Michael Covington, and some of the other readers of this group, have succumbed. -- Larry Campbell The Boston Software Works, Inc., 120 Fulton Street campbell@redsox.bsw.com Boston, Massachusetts 02109 (USA)