Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!cbatt!cbosgd!ucbvax!SAPSUCKER.SCRC.SYMBOLICS.COM!Margulies
From: Margulies@SAPSUCKER.SCRC.SYMBOLICS.COM (Benson I. Margulies)
Newsgroups: mod.protocols.tcp-ip
Subject: (none)
Message-ID: <860929075908.8.MARGULIES@REDWING.SCRC.Symbolics.COM>
Date: Mon, 29-Sep-86 07:59:00 EDT
Article-I.D.: REDWING.860929075908.8.MARGULIES
Posted: Mon Sep 29 07:59:00 1986
Date-Received: Tue, 30-Sep-86 20:29:18 EDT
References: <8609261313.AA07678@mitre.ARPA>
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 35
Approved: tcp-ip@sri-nic.arpa

    Date: Fri, 26 Sep 86 09:13:04 -0500
    From: mckee@mitre.ARPA

    Marshall Abrams, a Security guru here at MITRE, sent me a copy of
    the following note by Brian Reid. The note has little to do with
    TCP and IP, but it is instructive to learn how our networks are
    being used for nefarious purposes, and besides, there is a certain
    lascivious pleasure in reading about somebody else's troubles.

    H. C. McKee
    --------------------------
    From: reid@decwrl.DEC.COM (Brian Reid)
    Date: 16 Sep 1986 1519-PDT (Tuesday)
    To: Peter G. Neumann [FOR RISKS]
    Subject: Massive UNIX breakins at Stanford

    Lessons learned from a recent rash of Unix computer breakins
    ...
    Brian Reid
    DEC Western Research and Stanford University

As an Ex-B2 security hacker (guess where), I just wanted to point out
that Brian's observations are basically right-on. There is a big
tension between wanting to be able to run an application without
having the user have to type passwords and having fail-safe network
security.

The bottom line is that if you treat an entire network of machines as
one "System" in the orange book sense (no passwords used in between),
then you had better be bloody sure that you have working software on
all of them, and that you monitor activities closely.

caveat manager