Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!crdgw1!uakari.primate.wisc.edu!zaphod.mps.ohio-state.edu!cis.ohio-state.edu!sei.cmu.edu!fs7.ece.cmu.edu!o.gp.cs.cmu.edu!andrew.cmu.edu!jb3o+
From: jb3o+@andrew.cmu.edu (Jon Allen Boone)
Newsgroups: comp.admin.policy
Subject: Re: SUSPEND SYSOPS, NOT STUDENTS
Message-ID: <wcLyZdS00j5u01omsw@andrew.cmu.edu>
Date: 19 Jun 91 23:31:53 GMT
References: <20740@slice.ooc.uva.nl> <W2B-QAN@cs.widener.edu> <CKD.91Jun17152311@eff.org>,
	<1991Jun18.182241.21895@bellcore.bellcore.com>
Organization: Carnegie Mellon, Pittsburgh, PA
Lines: 23
In-Reply-To: <1991Jun18.182241.21895@bellcore.bellcore.com>


jona@iscp.Bellcore.COM (Jon Alperin) writes:
> I still believe that "logging in to a users account and sending them
> mail from their own account" is not the proper way to inform someone of a
> security hole. This is akin to removing all files on a system to show someone
> that all files can be removed. 

  While no one here (that I know of) has "broken in" to an account to
show that it can be done (well, actually, I can think of ONE
exception!), generally, when people go away and leave themselves
logged in, the person who uses the workstation next will send them
mail, as well as copying to local bboard or two - so everyone knows!
The worst cases (thinks bordering on libel or slander, I would
imagine) are tracked down fairly easily.


----------------------------------|++++++++++++++++++++++++++++++++++++++++
| "He divines remedies against injuries;   | "Words are drugs."           |
|  he knows how to turn serious accidents  |     -Antero Alli             |
|  to his own advantage; whatever does not |                              |
|  kill him makes him stronger."           | "Culture is for bacteria."   |
|                   - Friedrich Nietzsche  |     - Christopher Hyatt      |
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-