Path: utzoo!utgpu!attcan!uunet!husc6!cmcl2!lanl!unm-la!unmvax!nmtsun!todd
From: todd@nmtsun.nmt.edu (Todd/Dr. Nethack)
Newsgroups: news.sysadmin
Subject: Re: Security checkup
Summary: Nice but bad advice
Keywords: security intruder self-help
Message-ID: <1325@nmtsun.nmt.edu>
Date: 22 Oct 88 21:38:45 GMT
References: <167@carpet.WLK.COM> <1454@lznv.ATT.COM> <1834@ddsw1.MCS.COM>
Reply-To: todd@nmtsun.nmt.edu (Todd/Dr. Nethack)
Distribution: na
Organization: Suns and Guns, Los Alamos-Albuquerque
Lines: 45

In article <1834@ddsw1.MCS.COM> karl@ddsw1.UUCP (Karl Denninger) writes:
>In article <1454@lznv.ATT.COM> ziegler@lznv.ATT.COM (J.ZIEGLER) writes:
>>Please, please, please!!  Anyone with knowledge enough to answer
>>this question, DO NOT POST IT TO THE NET!!!!  Electronic mail and
>>net postings are grossly inappropriate places to discuss security. 
>
>Wrong Sir.
>Wrong sir..

I will disagree strongly with that..
There are many system admins. who have no time to spend reading the postings.

(I site this based on various experiences with educational institutions)

You will fuel the student hacker and his/her/its curiousity about what can
be done on their system.

The sysadmin, has no idea what has hit him..

And if the hacker is dangerous, or destructive.. that can be VERY bad for the
host system, and other systems that are connected to it.

>

Not many of the things I have seen!!

>And few of their kind will be helped.

This is something one should never offer to do under any circumstances.

>the more information, the better.
>You can't plug a hole you don't know... 
>Nearly _all_ holes can be effectively defused IF you know they
>exist.


That is now down to the means of communicating the problems.. and I for one
think that posting of various holes and hacking techniques is not what needs
to be done.

You do want security don't you?

     --nethack
--
todd@jupiter.nmt.edu / nmtsun!todd  Dr. Nethack: Box 3693 c/s Socorro, Nm. 87801