Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!mimsy!mangoe
From: mangoe@mimsy.UUCP (Charley Wingate)
Newsgroups: comp.misc
Subject: Re: Hacker Scholarship
Message-ID: <7232@mimsy.UUCP>
Date: Sat, 27-Jun-87 20:02:18 EDT
Article-I.D.: mimsy.7232
Posted: Sat Jun 27 20:02:18 1987
Date-Received: Sun, 28-Jun-87 04:48:00 EDT
References: <2757@mtgzz.UUCP> <140200002@tiger.UUCP>
Organization: U of Maryland, Dept. of Computer Science, Coll. Pk., MD 20742
Lines: 27

Randy Davis writes:

>   This is getting pretty stupid.  There are only a finite number of security
>holes.  If the people trained to find them help close them, it is doing
>everybody good.  I have found a few and have told the affected administrators
>about them.  If they exploit them, there ARE laws (albeit hard to enforce and
>prove).  Equating this to rape and murder is stupid.  Equating this to
>leaving an EXPENSIVE package in an UNLOCKED car (with the windows down and a
>flashing light on top and sign reading STEAL ME) in a parking lot is closer -
>great value at almost no risk with normally only monetary hurt.  Come on
>people, wake up to the real world.  Ignoring them and acting as if law
>enforcment will eradicate computer security holes is pretty ridiculous.

There are two errors here.

There first is that there is ALWAYS a security hole.  For starters, there is
the front door of the system.  Security systems are not like full body
armor; they are more like shields, and there is always someone clever enough
to figure out either how to go around or how to exploit the necessary holes
in the system.

From this point of view, ALL systems have a "flashing light on top".
Security holes don't create break-ins; people create break-ins.  The
attitude that "someone is asking for it" is one of the things that help
raise the crime rate.

C. Wingate