Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watnot!watmath!clyde!rutgers!mit-eddie!genrad!decvax!ucbvax!SPAM.ISTC.SRI.COM!robert
From: robert@SPAM.ISTC.SRI.COM.UUCP
Newsgroups: mod.protocols.tcp-ip
Subject: Re: My Broadcast
Message-ID: <8704061909.AA28626@spam.istc.sri.com>
Date: Mon, 6-Apr-87 13:27:44 EST
Article-I.D.: spam.8704061909.AA28626
Posted: Mon Apr 6 13:27:44 1987
Date-Received: Wed, 8-Apr-87 03:43:24 EST
References: <12292273571.8.MRC@PANDA>
Sender: daemon@ucbvax.BERKELEY.EDU
Distribution: world
Organization: The ARPA Internet
Lines: 44
Approved: tcp-ip@sri-nic.arpa

>> ..... we must
>> entrust our systems and data to an open-ended set of youthful
>> hackers (the current term is "gurus") who have mastered the
>> arcane knowledge.

Only because these 'youthful hackers' are the only ones willing
(or having the time) to look for the problems they discover.

>>
>> ....
>>
>> Knowledge is power, and it properly belongs in the hands of
>> system administrators and system programmers. It should NOT be
>> the exclusive province of "gurus" who have a vested interest in
>> keeping such details secret.

Mark, I agree that system administrators should have the know-how
to protect their systems. However, I have not seen the concerted
effort of gurus to keep security problems secret from the
administrators. Rather I have seen administrators keeping such holes
secret from the users, and then complaining when the users discover
and use them.

>>
>> -- Mark --
>>
>> PS: Crispin's definition of a "somewhat secure operating system":
>> A "somewhat secure operating system" is one that, given an
>> intelligent system management that does not commit a blunder that
>> compromises security, would withstand an attack by one of its
>> architects for at least an hour.

...except for the case where one has physical access to the hardware.

Robert Allen, robert@spam.istc.sri.com

Disclaimer: I am not a guru, and I don't advocate break-ins, but if a
feature is there (such as telnet port 25), and is used, I think that
the administrators should share responsibility with the user for any
problems that result.