Security in General

charlie at cca.UUCP charlie at cca.UUCP
Fri Jun 24 08:27:04 AEST 1983


I would like to comment on attitudes towards people who try to break
through security schemes on UN*X and other shared computers.  Most
writers seem to regard these people as either evil or mis-guided and a
detriment to mankind.  People exhort hackers to avoid the first step
towards that path to crime.  I find this attitude fundamentally
wrongheaded.

Honest hackers are an important resource.  They find security holes
before criminals do so they can be fixed.  System designers invest only
as much effort in security as they have to.  Security holes should be
kept secret only to allow systems people time to fill them; not so they
can avoid it.  My experience is on DTSS (Dartmouth Time Sharing System).
It was developed in an environment where attempts to break security were
encouraged.  Good hackers were folk heroes.  The system as developed was
very secure; it had to be, or it wouldn't be useable.

Hackers should be particularly tolerable in a university environment.
The hackers themselves are learning about computer systems, and other
users are learning the insecure operating systems shouldn't be counted
on to provide a secure environment.

Hackers are the adversaries of those trying to maintain system security,
but not the enemies.  Think of them as the vaccine that prevents a far
worse disease.



More information about the Comp.unix.wizards mailing list