Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watnot!watmath!clyde!rutgers!ames!ucbcad!ucbvax!A.ISI.EDU!LYNCH
From: LYNCH@A.ISI.EDU.UUCP
Newsgroups: mod.protocols.tcp-ip
Subject: Re: My Broadcast
Message-ID: <8704040234.AA07554@ucbvax.Berkeley.EDU>
Date: Fri, 3-Apr-87 21:18:43 EST
Article-I.D.: ucbvax.8704040234.AA07554
Posted: Fri Apr  3 21:18:43 1987
Date-Received: Sun, 5-Apr-87 07:05:37 EST
References: <8704021845.AA08097@violet.berkeley.edu>
Sender: daemon@ucbvax.BERKELEY.EDU
Distribution: world
Organization: The ARPA Internet
Lines: 19
Approved: tcp-ip@sri-nic.arpa

John,  I think you did a good thing.  Testing for idiotic holes in
the "system".  Now, if you could figure out a way to encourage
them to get plugged.  I remember years ago being annoyed at the 
loose security in the Tenex operating system that was prevalent
on the early Arpanet.  I couldn't get the wizards at BBN to "fix"
the problems by the "usual" means.  So, one day I took advantage of
the holes and, across the net, all by myself with no confederates,
obtained the password of the wizard of all wizards and sent it to him 
in a one word mail message.  No other communication was necessary.
He plugged the holes as fast as his fingers could type.  I was a "good
guy" and he knew it, but it took an actual event to drive the point home 
it wouldn't be too long before someone else would figure out the
method i used an dperhaps not be so benign.  
Can you think of a similar thing to do?  Or have you already done it?
(I think not because what you are pointing out is going to take
lots of thinking to solve.  But, it has to start somewhere.

Dan
-------