Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!cs.utexas.edu!unisec!dpw
From: dpw@unisec.usi.com (Darryl P. Wagoner)
Newsgroups: news.sysadmin
Subject: Re: Security checkup
Keywords: security intruder self-help
Message-ID: <1146@unisec.usi.com>
Date: 23 Oct 88 16:11:00 GMT
References: <167@carpet.WLK.COM> <1454@lznv.ATT.COM> <1834@ddsw1.MCS.COM> <1325@nmtsun.nmt.edu>
Reply-To: dpw@unisec.USI.COM (Darryl P. Wagoner)
Distribution: na
Organization: UniSecure Systems, Round Rock, Tx
Lines: 31

In article <1325@nmtsun.nmt.edu> todd@nmtsun.nmt.edu (Todd/Dr. Nethack) writes:
>In article <1834@ddsw1.MCS.COM> karl@ddsw1.UUCP (Karl Denninger) writes:
>>In article <1454@lznv.ATT.COM> ziegler@lznv.ATT.COM (J.ZIEGLER) writes:
>
>I will disagree strongly with that..
>There are many system admins. who have no time to spend reading the postings.
 
>(I site this based on various experiences with educational institutions)
 
>You will fuel the student hacker and his/her/its curiousity about what can
>be done on their system.

This assumes that NO ONE at that site is going to find out the hole and 
expose it.  We all know what assuming will do.  This, if anything is a
false sense of security.  IF no one will post holes to the net so I don't
need to waste my time to find out and fix them either. I am perfectly safe
as long as no one posts a hole I don't know about.  If you believe this
I have a bridge in SF that makes a mint in tolls that I need to get ride
for tax reason. :-)

The problem with this logic (besides being wrong) is that it will keep
the systems admins in the dark while the crackers pass around the holes 
that they have found in the system.  
 


-- 
Darryl Wagoner		dpw@unisec.usi.com
UniSecure Systems, Inc.; 			OS/2, Just say No!
Round Rock,  Tx; (512)-255-8751 (home) (512)-823-3774
UUCP:  {ut-sally!uiucuxc!kitty}!unisec!dpw