Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!uakari.primate.wisc.edu!aplcen!jarober From: jarober@aplcen.apl.jhu.edu (DE Robertson james an 740-9172) Newsgroups: comp.admin.policy Subject: Re: SUSPEND SYSOPS, NOT STUDENTS Message-ID: <1991Jun18.033333.27450@aplcen.apl.jhu.edu> Date: 18 Jun 91 03:33:33 GMT References: <20740@slice.ooc.uva.nl> <20790@slice.ooc.uva.nl> Organization: Johns Hopkins University Lines: 47 ropg@ooc.uva.nl (Rop Gonggrijp) writes: >brendan@cs.widener.edu (Brendan Kehoe) writes: >> And just as a note, a user mailing a password file out so someone >>else can hack on it is about as FAR from "playing around" as you can get. >I regularly try to hack systems (sometimes with the permission of the sysop) >to see if the security is within reasonable limits. If my files are on a >system, I feel I have a right to see if it is safe. If a friend of mine happens >to have a very nice 486 at home that he can use to help me with this (by taking >a few guesses at the /etc/passwd) I will mail him (or her) the password file. >If I then find passwords, I will login as the found user and send him (or her) >some email originating from their own account informing them of their bad >password (you should see of the passwords I found). >I see nothing wrong, immoral, or even criminal in my behaviour. Sure, if I was >being well paid somewhere I would expect some critisism for spending so much >time "playing around" while I could be making the boss a lot of money. I truly >see no other harm. Ok. ow about if I drive around and test out the security systems of houses ? I check doors, see if I can open windows from the outside. I have a freind who has a set of lockpicks help me out. If I succeed in breaking in, I leave a note letting you know that your security is poor. What you advocate with computers is exactly analogous to the above. I seriously doubt that you would condone such behaviour in my scenario. And if you do, you are plain foolish. >Oh I bet. But that was not the point, We are (after all) still talking about >a student that mailed the /etc/passwd of a Univ. system to somebody else. If >the security of your system (or even the whole network) depends on hunderds >(thousands?) of people keeping their mouth shut, it SUCKS. So just because the security is bad, you (or anyone else) have the right to exploit it ? If I find out that you have an open window on the second floor of your house, can I just break in eking and entering is morally wrong whether it involves homes, public buildings or computers. Just because you know how doesn't give you the right. Or are you saying that any professional car thief can now lift any car since the security system SUCKS ? >Well, that's very nice of you, but there is too many people out there with NO >sense of humor and/or reality, and it's (sometimes) not funny. Develop a sense of right and wrong. jarober@aplcen.apl.jhu.edu