Xref: utzoo news.sysadmin:1232 news.admin:3920 Path: utzoo!utgpu!watmath!clyde!rcj@moss.ATT.COM From: rcj@moss.ATT.COM Newsgroups: news.sysadmin,news.admin Subject: Re: Getting Even Message-ID: <36111@clyde.ATT.COM> Date: 9 Nov 88 01:49:19 GMT References: <367@execu.UUCP> <265@acheron.UUCP> <1636@pikes.Colorado.EDU> <5343@medusa.cs.purdue.edu> Sender: nuucp@clyde.ATT.COM Reply-To: rcj@moss.UUCP (Curtis Jackson) Organization: AT&T Bell Laboratories, Whippany NJ Lines: 73 In article <5343@medusa.cs.purdue.edu> spaf@cs.purdue.edu (Gene Spafford) writes: }Consider an analogy: } }Locks built in to the handle of a door are usually quite poor; }deadbolts are a preferred lock, although they too are not always }secure. These standard, non deadbolt locks can be opened in a few }seconds with a screwdriver or a piece of plastic by someone with little }training. } }Now, if you have such a lock on your door, and you wake up in the }middle of the night to find that a stranger has broken into your home }and is wandering about, bumping into things in the dark and breaking }them, how do you react? Do you excuse him because the lock is easy to }circumvent? Do you thank him because he has shown you how poor your }locks are? Do you think *you* should be blamed because you never got }around to replacing the lock with a better one and installing a }burgler alarm? Dr. Analogy here -- this one doesn't wash, either, Spaf. It's better than most, though -- let's see if we can make it accurate. Add the fact that there are many people who have a key to the door of your house, that there are many people coming in, leaving, and wandering all over your house at all hours of the day and night. They aren't in your bedroom, because you have a super-good lock that only a few select people have keys to ;-) but they're everywhere else all the time. They're watching your TV, using your phones, reading your books, using your appliances, etc. In addition, you have a separate door that allows *anyone* in -- it isn't even locked! And there's an honor-system book exchange in the separate area of the house that it opens onto! NOW, are you going to be as upset if you find someone you don't know wandering around in your house in the middle of everyone else? Well, you're still going to be upset because his activities, while not damaging, have disrupted the entire household and brought all the other's activities to a standstill -- so much so that you have to empty the house while you deal with him. But it isn't nearly the fear, upset, and anger you would experience in the analogy you gave. }We have failed to imbue society with the understanding that computers }contain property, and that they are a form of business location. If }someone breaks our computers, they put us out of work. If someone }steals our information, it is really theft -- not some prank gone }awry. If someone broke into the NY Times and vandalized their printing }presses, it would not be dismissed as the work of a bored college }student, and even if it was the son of the editor, I doubt anyone would }make a statement that "It will ultimately be a good thing -- we'll be }forced to improve our security." This, I must admit is a very very valid viewpoint -- hadn't thought of it that way. Thanks. [Due to my rather flaming articles of recent, I feel compelled to clarify that this is NOT sarcasm!] I still take issue, though, Gene. My business location doesn't have people wandering around bumping into things because we have a security group and a lobby with guards. We don't shut ourselves off from the outside world, there are no fences, just security at the entrances. Bob Morris didn't come in through the window -- he came in through the door. }We cannot depend on making our systems completely secure. To do so }would require that we disconnect them from each other. There will }always be bugs and flaws, but we try to cover that by creating a sense }of responsibility and social mores that say that breaking and cracking }are bad things to do. Now we have to demonstrate to the world that "Computer Cracking -- Just Say No" You should get Nancy Reagan to help with your campaign -- look what she's done against drugs in the U.S. :-( I'm glad my bank doesn't have your attitude. Curtis Jackson -- att!moss!rcj 201-386-6409 "The cardinal rule of skydiving and ripcords: When in doubt, whip it out!"