Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!elroy.jpl.nasa.gov!sdd.hp.com!wuarchive!uunet!convex!tighe
From: tighe@convex.com (Mike Tighe)
Newsgroups: comp.org.eff.talk
Subject: Re: Passwords/Intent to Defraud
Message-ID: <1991Jun13.161218.2982@convex.com>
Date: 13 Jun 91 16:12:18 GMT
References: <31281@hydra.gatech.EDU> <1991Jun13.152618.28383@athena.cs.uga.edu>
Sender: usenet@convex.com (news access account)
Organization: Convex Computer Corporation, Texas
Lines: 25
Nntp-Posting-Host: hydra.convex.com

In article <1991Jun13.152618.28383@athena.cs.uga.edu> mcovingt@athena.cs.uga.edu (Michael A. Covington) writes:

>I didn't say it was a CRIME for a non-sysadmin to run Cops and obtain
>passwords, I said that we do not PERMIT it, i.e., it's against system
>policy.

I'd be interested to know what the policy is for the use of CPU time.
Surely if every user fired up a copy of COPS every morning when they logged
in, that would be a waste of resources. However, if users are billed for
their usage, sysadms would be less inclined to worry about how users waste
their time.

I would also like to know how many sysadms have had security problems
reported to them by users that have taken it upon themselves to find
security holes.

When I was in the systems group at a previous employer, I knew one person
who took it upon himself to be the guardian of the system. He wouldn't
hesitate to point things out to the sysadms (and hence 'prove' how smart he
was).  However, he often wouldn't tell them why it was a problem (after all
the sysadms couldn't be trusted). He just told them how to fix.
--
-------------------------------------------------------------
Mike Tighe, Internet: tighe@convex.com, Voice: (214) 497-4206  
-------------------------------------------------------------