Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!seismo!rutgers!sri-spam!mordor!lll-tis!ames!amdcad!sun!plx!dlb!dana!worley From: worley@dana.UUCP (John Worley) Newsgroups: comp.misc,misc.headlines Subject: Re: Hacker Scholarship Message-ID: <188@dana.UUCP> Date: Tue, 30-Jun-87 03:14:10 EDT Article-I.D.: dana.188 Posted: Tue Jun 30 03:14:10 1987 Date-Received: Thu, 2-Jul-87 03:31:15 EDT References: <963@rtech.UUCP> Organization: Dana Computer, Inc., Sunnyvale, CA Lines: 57 Xref: mnetor comp.misc:771 misc.headlines:803 daveb@rtech writes: > Ah, we're talking hypotheticals and analogies. > > I have a house and garden next to a city park. There is no fence > between them, and no 'no trespassing' signs. Your analogy is already faulty. The "fence" here is the phone number you must dial to get access to the computer in the first place. Like a good fence, it requires a positive action to "cross". The "lock" or "no trepassing" sign is played by the login routine, which normally requires the user to identify himself/herself and supply a secret comfirmation code (password). So, by dailing up and logging in, the security breaker has overcome three explicit and unavoidable barriers. Further, he/she has misrepresented himself/ herself to the system to gain unauthorized access. [ Scenarios of "if they ... can I" deleted ] > > The analogies to computer security are clear. If electronic > tresspassing is illegal (as I think may be the case), I had better put > up whatever 'fences' the law requires for me to fall under it's > protection. I cannot expect this law to protect my system from illegal > access. > Ref. above - the 'fences' are already there. The intent of the system owner is clear, as is the intent of the electronic tresspasser. > If I want to protect my data from destruction or dissemination, I should > plug whatever holes places them in jeapordy. I am responsible for it > because it is my data. For every lock ever built, there is a way to open it w/o the proper key. It is irrelevant that the lock can be picked, or even that the method to do so is well known. By locking your garage, house, car, bike, you have proven your intent to secure your possesion against unauthorized use; by overcoming the lock, no matter how simple, the thief has demonstrated his/her intent to violate your property. > I see Jobs' "scholarship" as inviting people to locate potential > problems, in a way that will not greatly endanger the real security of > the the systems in question. This does not seem cause for > villification. It's Wozniak, not Jobs. I see his scholarship as an attempt to legitimize the criminal activity of breaking system security. If a computer house wants to test its security, it will authorize someone to try. Abetting, yes even financing, a criminal action is certainly cause for vilification, especially for someone of Steve Wozniak's position of community leader - a position now in great doubt in my mind. John Worley hplabs!dana!worley