Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!rutgers!sun-barr!cs.utexas.edu!uunet!ficc!peter From: peter@ficc.uu.net (Peter da Silva) Newsgroups: comp.misc Subject: Re: Computer Virus Hearings Keywords: virus, goddard, congress, leahy Message-ID: <4295@ficc.uu.net> Date: 24 May 89 14:26:29 GMT References: <154@oldcolo.UUCP> <4246@ficc.uu.net> <11813@well.UUCP> Distribution: usa Organization: Xenix Support Lines: 43 In article <11813@well.UUCP>, dave@well.UUCP (Dave Hughes) writes: > In article <4246@ficc.uu.net>, peter@ficc.uu.net (Peter da Silva) writes: > > In article <154@oldcolo.UUCP>, dave@oldcolo.UUCP (Dave Hughes) writes: > > > A system > > > which permits uncontrolled access to its ports, or self-assigned > > ^^^^^^^^^^^^^ > > > passwords is not even covered under the Electronic Privacy Act. > > ^^^^^^^^^ > > Either you're confusing passwords with accounts, or the EPA is grossly > > misdesigned, or you're misinterpreting it. > If one can just dial a numebr, get a modem > connect, having never dialed it before, and get into the system > without anybody's permission the system is not a closed system. Well, I hope the act uses language that reflects that meaning instead of talking about self-assigned passwords. > One > typical way is to have either no passwords required, or to permit > the first time caller to assign himself an id and a password and > then to have full access. Exactly. Assign himself an ID and a password. We don't let people set up their own ids, but forcing them to use system-assigned passwords would reduce security, not enhance it. The password by itself is not a key. You need a password and a valid account id. And you need the old password to change the new one. > Maybe you have some fancier words for all that - ones that > Congressmen will understand who don't 'do modems'? "User id and password"? "Self-assigned accounts"? "Automatically assigned accounts?" Just what precisely does the act say about this? -- Peter da Silva, Xenix Support, Ferranti International Controls Corporation. Business: uunet.uu.net!ficc!peter, peter@ficc.uu.net, +1 713 274 5180. Personal: ...!texbell!sugar!peter, peter@sugar.hackercorp.com.