Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!ames!netsys!vector!rpp386!jfh
From: jfh@rpp386.Dallas.TX.US (John F. Haugh II)
Newsgroups: comp.unix.wizards
Subject: Re: Worm/Passwords
Message-ID: <8599@rpp386.Dallas.TX.US>
Date: 13 Nov 88 14:41:49 GMT
References: <22401@cornell.UUCP> <4627@rayssd.ray.com> <17830@glacier.STANFORD.EDU> <8563@rpp386.Dallas.TX.US> <8869@smoke.BRL.MIL>
Reply-To: jfh@rpp386.Dallas.TX.US (John F. Haugh II)
Organization: River Parishes Programming, Dallas TX
Lines: 25

In article <8869@smoke.BRL.MIL> gwyn@brl.arpa (Doug Gwyn (VLD/VMB) <gwyn>) writes:
>In article <8563@rpp386.Dallas.TX.US> jfh@rpp386.Dallas.TX.US (John F. Haugh II) writes:
>>I have been working on a drop-in replacement for login and friends since I
>>learned of the Internet virus.
>
>Why?  Your replacement would not have stopped this virus.

I currently don't have any systems running TCP/IP or sendmail.  Since the
current front-line attack for UUCP systems is through login, I thought it
would be a great idea.

One other consideration was that in the real world system programmers
don't have the source to all known forms of Unix to play with.  Very soon
I hope there will be an infinitely configurable login to use.

>Making life harder for legitimate users does not necessarily
>increase security, and it often achieves the opposite effect.

And please examine the code before being so critical.  Several of the new
[ cloned, rather ] features do not inconvenience the user.
-- 
John F. Haugh II                        +----Make believe quote of the week----
VoiceNet: (214) 250-3311   Data: -6272  | Nancy Reagan on Artifical Trish:
InterNet: jfh@rpp386.Dallas.TX.US       |      "Just say `No, Honey'"
UucpNet : <backbone>!killer!rpp386!jfh  +--------------------------------------