Xref: utzoo comp.protocols.tcp-ip:5275 comp.unix.wizards:12285
Path: utzoo!utgpu!attcan!uunet!husc6!uwvax!rutgers!elbereth.rutgers.edu!ron.rutgers.edu!ron
From: ron@ron.rutgers.edu (Ron Natalie)
Newsgroups: comp.protocols.tcp-ip,comp.unix.wizards
Subject: Re: Crackers and Worms
Keywords: bug reality
Message-ID: <Nov.10.08.33.46.1988.10847@ron.rutgers.edu>
Date: 10 Nov 88 13:33:47 GMT
References: <1698@cadre.dsl.PITTSBURGH.EDU> <2060@spdcc.COM> <1240@ucsd.EDU> <3470@vpk4.UUCP>
Distribution: na
Organization: Rutgers Univ., New Brunswick, N.J.
Lines: 11

...and I have worked on IBM's B2 product, but I fail to see what that
has to do with the discussion.  A bug in either product can cause it
to fail to do what it is supposed to do.  In the development group the
Trusted System Programmer frequently has backdoor functions to bypass
the Mandatory Access Control on the test system that one hopes are never
installed in the field (this is much akin to the exploited DEBUG bug
in the BSD systems).  And any secure workstation that's plugged into
a network is very suspect.  I believe NCSC won't even talk to you if
you put an ethernet card in the workstation.

-Ron