Path: utzoo!attcan!uunet!van-bc!sl
From: sl@van-bc.UUCP (pri=-10 Stuart Lynne)
Newsgroups: news.sysadmin
Subject: Re: Security checkup
Keywords: security intruder self-help
Message-ID: <1908@van-bc.UUCP>
Date: 5 Oct 88 20:51:44 GMT
References: <167@carpet.WLK.COM> <1454@lznv.ATT.COM>
Reply-To: sl@van-bc.UUCP (pri=-10 Stuart Lynne)
Distribution: na
Organization: Wimsey Associates, Vancouver, BC.
Lines: 31

>> I would like to know if one or more of the more seasoned System
>> Administrators could post some preventative measures that those of
>> us with less experience could use.
>
>Please, please, please!!  Anyone with knowledge enough to answer
>this question, DO NOT POST IT TO THE NET!!!!  Electronic mail and
>net postings are grossly inappropriate places to discuss security. 
>
>If you have recommendations about books or articles to read, those
>can be posted.  Specific recommendations should be communicated in
>person or by telephone.  Hackers do not need encouragement or
>challenges, much less the helpful hints that such responses would
>undoubtedly contain.  'Nuff said.

I've always wondered if perhaps the main proponents of this line of thinking
were the hackers themselves. 

After all they have alternate methods of spreading this information among
themselves, and it wouldn't do them any good to see the information be given
to the many system administrators on the net. 

The discussion about this has taken place many times on the net. I believe
that the current (?) concensus of opinion is to post enough information to
allow people to fix their systems. This doesn't mean post cookbook recipes
for breaking in, but fixes to known problems and how to avoid them. 

Also it put's vendors under much more pressure to fix problems expediently.


-- 
Stuart.Lynne@wimsey.bc.ca {ubc-cs,uunet}!van-bc!sl     Vancouver,BC,604-937-7532