Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!mailrus!accuvax.nwu.edu!nucsrl!telecom-request From: klg@dukeac.UUCP (Kim Greer) Newsgroups: comp.dcom.telecom Subject: Re: The Wrong End of the Telescope Message-ID: <4742@accuvax.nwu.edu> Date: 4 Mar 90 14:50:09 GMT Sender: news@accuvax.nwu.edu Reply-To: klg@dukeac.UUCP (Kim Greer) Organization: Academic Computing, Duke University, Durham, NC Lines: 65 Approved: Telecom@eecs.nwu.edu X-Submissions-To: telecom@eecs.nwu.edu X-Administrivia-To: telecom-request@eecs.nwu.edu X-Telecom-Digest: Volume 10, Issue 145, Message 1 of 6 In article <4599@accuvax.nwu.edu> John Higdon writes: X-Telecom-Digest: Volume 10, Issue 135, Message 4 of 7 >Just so there is no doubt, let me be absolutely clear concerning which >side of the aisle I'm on. Not long ago, I blasted a post from some >hacker which netted me some "warnings"--nay, threats from inhabitants >of the the "darkside", etc. Never in any of my writings have I >justified hacking now or in my other life of a distant past. The >rational for phreaking and hacking was lame then and it's lame now and >given the potential harm should not be tolerated. Are you with me so >far? I'm glad we agree on this. My intention never has been to begin a war about this kind of stuff. It's sort of funny how a common "enemy" can sometimes turn like-minded (for the most part) people against each other. >I would be mightily outraged if one broke into one of my systems. >However, we are at some disagreement as to prevention techniques. You >seem to feel (and I don't want to put words into your mouth) that it >is more effective to run around and try to put all the hackers in jail >rather than simply making the systems secure. I think it is more effective to have the laws applied to them than to NOT have the laws applied, when laws are broken and things are stolen. >rather than simply making the systems secure. That sounds ok to me, but what _do_ you do with people who insist on the "challenge" of getting into systems that _are_ secure? There are some who get a bigger charge out of the "tough" systems - after all, "any weenie can get in the insecure computers. What I'm doing is _real_ hacking. See how great I am?" Its an ego thing. The same challenge is what prompts video game makers to build in higher and higher degrees of difficulty. >rather than simply making the systems secure. ^^^^^^ What is simple for one person is far beyond the imagination of others. I think that there is no simple way to make most systems secure. I also think that most administrators, including myself, really have no uniform way of making a system secure. I cite the Robert Morris example. I would wager that most sys-adms had no idea such a loophole existed. Like most other people, I will do whatever I can, but how can anyone protect against every possible method of attack by an unknown number of intruders-to-be? >Don't you feel that it is "criminal" to be easier to hack into a >system such as a telco RMAC than say someone's home UNIX computer? >This was my point of the post. If security at critical systems is "au >casual", then my ire is directed at the administrators of those >systems, not the hackers. I agree to the point of it being dumb and negligent to some degree. I started to say that I might even go so far as to say they got what was coming to them, but ... nah. I think we are both saying sort of the same thing - security should be carried out to best of one's ability (or through the use of someone who may be more knowledgeable of such matters). Kim Greer klg@orion.mc.duke.edu