UNIX-WIZARDS Digest V3#078
Scott E. Preece
preece%mycroft at gswd-vms.arpa
Wed Mar 11 01:59:38 AEST 1987
black at ee.UCLA.E:
[responding to a note about Gould challenging the local student
ACM chapter to try to break into our Secure Unix product]
> By the time this ACM "attack team" is finished with their "project",
> every one of these people is going to be a veritable black-belt in
> system destruction. It speaks pretty poorly of Gould that they feel no
> compunction about encouraging people to obtain this type of knowledge.
----------
Well, if they don't learn about what holes in operating systems look
like, they can't reasonably be expected to avoid them when they get
the chance to design systems themselves. I presume their advisors
will counsel them on the appropriate use of this knowledge. I guess
I generally favor the acquisition of knowledge, even if that knowledge
has potentially evil applications.
----------
> Suppose that a nuclear energy facility had developed what they
> considered an "unbreakable" security system for a plutonium reprocessing
> plant. Would it then behoove the company to seek out a collection of
> Palestinian terrorists and dare them to steal 150 kilos of weapons-grade
> Pu? I dare say that any company doing this would soon find that its
> management was cooling their heels in a max. sec. prison.
----------
I don't know about seeking out practicing terrorists to test your
security, but the hiring of tiger teams to test security systems on
computer systems and physical plant facilities is well known. If your
security can be broken, you'd prefer to find out under controlled
circumstances rather than as the result of a real break in.
----------
> With Unix branching out into more and more critical operations (banking,
> hospitals, national security, etc.), what possible right does Gould have
> to assemble a team of "super-hackers", no matter how reliable these
> people are?
----------
I don't really think that's what the challenge is doing, but what I
said before still applies. The use of break in attempts by independent
teams is a fairly normal thing to do.
What Black really doesn't like is (1) that the knowledge acquired
by the team in trying to break into our system can then be applied
to other, probably less secure, Unix systems and (2) that the
team will be made up of students, who he apparently considers less
trustworthy than himself. I don't see the problems he does. The
knowledge of how to break Unix systems is already spread far and
wide; from the paper on Unix security that accompanies the standard
documentation to the discussions in books like Tanenbaum's, this is
hardly arcane stuff. As to the people involved, I can only point to
the many examples available of people thought to be irreproachable
professionals who turned out to be spies, embezzlers, and cheats.
The student chapter of the ACM at the University is made of people
who in a year or two will be functioning computer professionals,
just like the rest of us; I trust them as much as I do Rex Black.
[DISCLAIMER: Though I work for Gould, I don't speak for Gould in
this note or in general.]
--
scott preece
gould/csd - urbana
uucp: ihnp4!uiucdcs!ccvaxa!preece
arpa: preece at gswd-vms
More information about the Comp.unix.wizards
mailing list