Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!asuvax!ncar!csn!cherokee!newsat!jbw From: jbw@maverick.uswest.com (Joe Wells) Newsgroups: comp.admin.policy Subject: Re: SUSPEND SYSOPS, NOT STUDENTS Message-ID: Date: 21 Jun 91 03:09:50 GMT References: <20740@slice.ooc.uva.nl> <1991Jun18.182241.21895@bellcore.bellcore.com> Sender: news@cherokee.uswest.com (Telegraph Row) Organization: /home/zeb1/jbw/.organization Lines: 18 In-Reply-To: jona@iscp.Bellcore.COM's message of 18 Jun 91 18: 22:41 GMT Nntp-Posting-Host: maverick.uswest.com In article <1991Jun18.182241.21895@bellcore.bellcore.com> jona@iscp.Bellcore.COM (Jon Alperin) writes: If I run a system, then it is my responsibility to maintain security. if you don't like the way I maintain it, then don't use my system, or report your concerns to my boss (NOTE: THIS IS ONLY AN EXAMPLE, NOT MY OPINION....). Well, obviously, you would maintain a high level of security. But what if the sysadmin is incompetent and/or lazy. What if the sysadmin's boss isn't accountable? What if the boss of the sysadmin's boss is not a person but a position that has been vacant for about a year. What if the person in the next level up the hierarchy is widely regarded as uncaring, but is a *very good friend* of his/her boss? Is the user supposed to shut up and hope no one else uses the security holes to nuke the system? Or to plant trojan horses or backdoors? -- Joe Wells