Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!thunder.mcrcim.mcgill.edu!snorkelwacker.mit.edu!hsdndev!think.com!sdd.hp.com!uakari.primate.wisc.edu!aplcen!aplcomm!uunet!bellcore!iscp.Bellcore.COM!jona
From: jona@iscp.Bellcore.COM (Jon Alperin)
Newsgroups: comp.admin.policy
Subject: Re: SUSPEND SYSOPS, NOT STUDENTS
Message-ID: <1991Jun17.164943.8153@bellcore.bellcore.com>
Date: 17 Jun 91 16:49:43 GMT
References: <20740@slice.ooc.uva.nl> <W2B-QAN@cs.widener.edu> <CKD.91Jun17111320@eff.org>
Sender: usenet@bellcore.bellcore.com (Poster of News)
Reply-To: jona@iscp.Bellcore.COM (Jon Alperin)
Organization: Bell Communications Research (Bellcore)
Lines: 44

In article <CKD.91Jun17111320@eff.org>, ckd@eff.org (Christopher Davis) writes:
	<I said some stuff> 
|> 
|> Who said anything about breaking in?  Let's take a hypothetical case
|> (NOT the Georgia case).
|> 
|> Mr. Edward Foo has an account on vax99.big-u.edu.  He keeps some things
|> there, that (while not horrendous top secret information) he'd rather
|> keep out of the way of J. Random Luser.
|> 
|> He runs COPS on the system (say, without the PW guesser, because that
|> takes too damned long).  He finds that /var/spool is world-writable.  He
|> reports this to the sysadmins, who fix it (hopefully ;-).

	Um, why not just ask the system admins to insure that there
are no world-writable file systems...that's there job, and not his to go
snooping around. Besides, the orignal poster referenced copying /etc/passwd to
 another system, cracking the password, logging in as that user, and
then sending the user mail from their own account. This example is not even
 close...



|> Perhaps the best way to respect the privacy and security of others is to
|> make sure that privacy and security is better maintained.

  Yes, but breaking security is not the right way to insure that _privacy_
is maintained. If you want to break into your own account, be my guest. 
Just don't ever screw with someone elses for the simple reason of
_looking_ for security holes unless that is what your were specifically
hired to do.

|> -- 
|> Christopher Davis - System Manager & Postmaster, Electronic Frontier Foundation

-- 
Jon Alperin
Bell Communications Research

---> Internet: jona@iscp.bellcore.com
---> Voicenet: (908) 699-8674
---> UUNET: uunet!bcr!jona

* All opinions and stupid questions are my own *