Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!sol.ctr.columbia.edu!emory!athena.cs.uga.edu!mcovingt
From: mcovingt@athena.cs.uga.edu (Michael A. Covington)
Newsgroups: comp.org.eff.talk
Subject: Re: Should we let students run COPS to get each other's passwords?
Summary: If I'd said that, I'd disagree with it too!
Message-ID: <1991Jun13.042115.16845@athena.cs.uga.edu>
Date: 13 Jun 91 04:21:15 GMT
References: <1991Jun12.140419.28896@athena.cs.uga.edu> <1991Jun12.141657.29238@athena.cs.uga.edu> <15013@exodus.Eng.Sun.COM>
Organization: University of Georgia, Athens
Lines: 26

Whoa there, everybody.

(1) I never claimed my computer was secure. I claim, very loudly, that
no computer on the network is perfectly secure.

(2) I stick to my guns. Running a password guesser is inappropriate
behavior because it involves access to other people's confidential
information. The encrypted password is world readable; the password
itself is not; that's why it's encrypted!

Stealing another person's confidential data (even by trial-and-error
guessing) is against the conduct regulations of any university you
care to name. I see no reason why this ordinarily culpable activity
should become innocent merely because it is performed with software.

For those who tuned in late: we HAVE NOT penalized any student for
running Cops. This is a hypothetical case only. We probably would not penalize
a student for running Cops unless he subsequently used or divulged
the passwords that he obtained, or there was clear evidence that he intended
to do so. (He would probably get nothing; we
run Cops ourselves, too!) 
-- 
-------------------------------------------------------
Michael A. Covington | Artificial Intelligence Programs
The University of Georgia  |  Athens, GA 30602   U.S.A.
-------------------------------------------------------