Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!rutgers!sri-spam!ames!ucbcad!ucbvax!SHASTA.STANFORD.EDU!andy
From: andy@SHASTA.STANFORD.EDU.UUCP
Newsgroups: mod.computers.vax
Subject: Re: Musings regarding students, this forum, and security
Message-ID: <8702070457.AA15502@ucbvax.Berkeley.EDU>
Date: Fri, 6-Feb-87 15:02:20 EST
Article-I.D.: ucbvax.8702070457.AA15502
Posted: Fri Feb  6 15:02:20 1987
Date-Received: Sun, 8-Feb-87 04:50:42 EST
References: <8702061525.AA02007@ucbvax.Berkeley.EDU>
Sender: daemon@ucbvax.BERKELEY.EDU
Reply-To: Shasta!andy@shasta.stanford.edu (Andy Freeman)
Organization: Stanford University
Lines: 19
Approved: info-vax@sri-kl.arpa


This mailing list appears on usenet as mod.computers.vax.
Very few unix sites in the US do not have access to it;
many outside the US do as well.  It is naive to think that
anything on it is unavailable to anyone who is interested.

BTW - Security can not depend on ignorance by the attacker.
If one really wants to attack VMS sites, one will buy a VMS
system and (some?) sources.  Much of this info is already
available without this cost.  If your system relies on
VMS obscurity for protection, you are wide open.  (Yes
Virginia, the password encryption algorithm is available.)

-andy
-- 
Andy Freeman
UUCP:  ...!decwrl!shasta!andy forwards to
ARPA:  andy@sushi.stanford.edu
(415) 329-1718/723-3088 home/cubicle