Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!seismo!ll-xn!ames!amelia!msf From: msf@amelia (Michael S. Fischbein) Newsgroups: comp.misc,misc.headlines Subject: Re: Hacker Scholarship Message-ID: <2231@ames.arpa> Date: Fri, 3-Jul-87 13:35:20 EDT Article-I.D.: ames.2231 Posted: Fri Jul 3 13:35:20 1987 Date-Received: Sat, 4-Jul-87 13:44:08 EDT References: <2757@mtgzz.UUCP> <345@genesis.UUCP> <2318@hoptoad.uucp> Sender: usenet@ames.arpa Reply-To: msf@amelia.UUCP (Michael S. Fischbein) Organization: NASA Langley Research Center, Hampton, VA Lines: 46 Xref: mnetor comp.misc:784 misc.headlines:834 One point that no one seems to have brought up yet in this discussion is the "attractive nuisance" laws. As I understand them (ie, my nodding acquaintance with the topic), some items (such as a swimming pool) are "attractive nuisances" and it is the owner's responsibility to set up security measures (such as a fence to prevent the local toddlers from drowning). Given the current state of US culture (no pro or con arguments, just let it be there), maintaining a computer system without minimal security is certainly an attraction, both to the irresponsible `crackers' and the curious 'hackers'. Extending this sort of opportunity might even be contributing to the delinquency of a minor, or something. No, people should not have to triple lock their doors, hire armed guards, etc. But bank vaults should. Not all computers need call back modems, multiple encryption schemes, etc. But some do. If you leave your door open and someone steals your stereo, you were not quite brilliant for leaving it open, but the thief is just that, a thief. If you leave your stereo on the curb and someone picks it up thinking you are throwing it away, what then? How about if you leave it in a public area, unsecured, for several days? Computer breakins are just a phone call away -- if someone calls your home phone and you don't want to talk to them, are they stealing your telephone access? If so, what sort of penalty should be imposed? How does this impact direct telephone marketers? If someone calls your computer, that you want to keep secure, and you don't have at least a non-well-known account/password combination, you have left your data in a public place (the telephone exchange) without even a sign on it that says "mine." There is a big difference between someone tapping a phone or committing b&e to get a password to enter a nominally secure system and someone who connects to a modem tone and gets "Welcome to the Whizzo Co orders database" without being asked for id. I don't know of any multi-user computer system capable of remote access that doesn't offer that level of security for free. Yes, it requires a system administrator with an IQ > 50. Yes, it can be broken in several ways, depending on the specific system. But if you park your car with the window down and the engine running, it may get stolen. Lock it, it might still be stolen but the chances are less -- and there is next to no chance that it will be stolen on a lark, by someone out for a joyride rather than profit. mike (maybe I should have said LaRC? :-))