Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version VT1.00C 11/1/84; site vortex.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!allegra!mit-eddie!genrad!decvax!bellcore!vortex!lauren
From: lauren@vortex.UUCP (Lauren Weinstein)
Newsgroups: net.news.group
Subject: Re: I'm learning why nobody likes mod groups (NOT unreliable mail)
Message-ID: <865@vortex.UUCP>
Date: Mon, 9-Dec-85 15:34:08 EST
Article-I.D.: vortex.865
Posted: Mon Dec  9 15:34:08 1985
Date-Received: Wed, 11-Dec-85 03:21:58 EST
References: <77@pyramid.UUCP>
Organization: Vortex Technology, Los Angeles
Lines: 36

I can't help but consider sites that insist all sitenames be entered 
in L.sys and/or USERFILE and/or have separate login accounts to be 
anything but "good guys."  Sites that allow "anonymous"
access to uucp are not only affecting their own security, but 
the security of the entire net by providing "easy" anonymous and 
unverifiable entry points.  With the vast number of people gaining access
to PC's with appropriate capabilities, anonymous access points are just 
trouble waiting to happen.  ALL sites can provide appropriate security,
regardless of what software versions they run, by simply providing access
accounts on a one per site basis.

It doesn't seem too much to ask that people send a mail message to 
the site administrator asking for an account before access is given.
Such access accounts don't have to be kept around indefinitely--maybe
only for a week or so.  If nothing else, this provides a way to contact
the calling site if things go wrong (like calling you every 5 minutes
and tying up your dialup lines!)  Getting anonymous calls from some
unknown point is a MESS if they start giving you trouble!

For people who MUST have TOTALLY anonymous file transfer access, I'd
recommend providing a conventional login account (into a restricted
shell) and let people use kermit or umodem for their occasional
file transfers from your machine.  This gives them the occasional
file xfer capability they "need," while avoiding giving some joker who gets
his or her jollies from masquerading as other sites anonymous uucp 
entry points.

Yes, it's more work to keep track of separate accounts.
Yes, it's too bad we can't be one big happy family and not worry
about security.

But we're growing very fast, and the time to start taking some
simple actions toward providing at least a reasonable level of security
is now.  And everyone can do it, regardless of what software they run.

--Lauren--