Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!rphroy!cfctech!teemc!ka3ovk!barn!hoptoad!fidogate!f111.n125.z1.FIDONET.ORG!jerry.andrews
From: jerry.andrews@f111.n125.z1.FIDONET.ORG (jerry andrews)
Newsgroups: comp.org.eff.talk
Subject: Re: stealing passwords is easy!
Message-ID: <15353.2859BAFD@fidogate.FIDONET.ORG>
Date: 14 Jun 91 08:25:03 GMT
Sender: ufgate@fidogate.FIDONET.ORG (newsout1.26)
Organization: FidoNet node 1:125/111 - Fido Software, San Francisco CA
Lines: 27

All your points are well-taken; I'd like to add one sysop's experience,
though.
 
I've been running computer-based conversations systems since 1979.  
The first was a grafiti (sic) file on a campus mainframe, and that was 
followed by several systems until I settled on a TBBS system in 1983.  
I've been with TBBS ever since.
 
I have always required registration.  I have never (not once) had an 
abuse severe enough to require locking out a user.  It seems that the 
simple process of filling out the registration form is enough to 
discourage most malicious users.  TBBS's security is tough enough that 
crashing and cracking haven't been a problem, and the occasional 
abusive message I can usually handle with a single message in private.
 
In the period from about '83 to about '86, I did notice a lot more 
attempts to crash my board.  Thanks to the robust nature of the 
software, I don't think it was ever done (though the board did crash 
for sometimes unexplained reasons).  That has settled down a lot.
 
Be well.


--  
jerry andrews - via FidoNet node 1:125/777
    UUCP: ...!uunet!hoptoad!fidogate!111!jerry.andrews
INTERNET: jerry.andrews@f111.n125.z1.FIDONET.ORG