Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!bloom-beacon!oberon!lipari.usc.edu!crum
From: crum@lipari.usc.edu (Gary L. Crum)
Newsgroups: comp.os.misc
Subject: Re: What does NeXT do about security?
Keywords: NeXT, security
Message-ID: <12852@oberon.USC.EDU>
Date: 17 Oct 88 01:35:37 GMT
References: <360@elan.UUCP> <5806@killer.DALLAS.TX.US> <9265@bigtex.cactus.org> <1403@percival.UUCP> <4006@phoenix.Princeton.EDU>
Sender: news@oberon.USC.EDU
Reply-To: crum@lipari.usc.edu (Gary L. Crum)
Distribution: na
Organization: University of Southern California
Lines: 28

In article <4006@phoenix.Princeton.EDU> mbkennel@phoenix.Princeton.EDU (Matthew B. Kennel) writes:
>
>In that case, in a networked environment, he can pretend to be any other
>user.  How does a mail server, for example, know that a specific userid
>is actually logged on to some node, or if it's some hacker masqureading
>as the user?  Encryption/decryption of all files?  Same goes for
>remotely mounted volumes.
>

Even without root privileges, any user of a BSD UNIX machine connected
to the Internet can forge mail, using only the telnet program and knowledge
of SMTP.  I would broadcast instructions for this if I thought it would
cause administrators everywhere to adopt a more sophisticated mail protocol
sooner.

Last year when I lived in Salt Lake City I felt that low security levels
along with advertised policy announcements were sufficient and even best
for academic environments, but after having my orange juice wrongfully
taken and consumed from the USC CS department refrigerator even though I
had labeled it with my name, I am becoming more fascist.

See my article in alt.next for more discussion about the repercussions of
mixing UNIX with personal computing.

Why all the cross-posting?  Funnel discussions about the NeXT computer
to alt.next, please, even if the newsgroup name is not ideal.

Gary