What makes one problem more significant
Steven Bellovin
smb at ulysses.att.com
Sat May 18 03:26:35 AEST 1991
In article <16164 at smoke.brl.mil>, gwyn at smoke.brl.mil (Doug Gwyn) writes:
} I'm not sure I quite understood these categories. Are they the same as:
} 1. secure against attack by outsiders
} 2. secure against attack by insiders
} 3. secure against accidents
} In these terms, we generally consider category #2 to be something that
} can be dealt with by administrative action, and category #3 is expected
} to be handled by the operating system. The login password system ought
} to be sufficient to cope with category #1; however, with the advent of
} .rhosts and NFS there are a lot of new holes to plug.
}
} I think Dan was going after a problem in category #2, which I don't
} find particularly interesting.
My concerns, and probably Dan's, are twofold. First, in a comparatively
uncontrolled environment -- say, a university, where the comp center
has to take more or less all comers -- a lot of damage can be done
before the administrative procedures are used. Second, and more serious,
I worry about hackers breaking in to your system via some bug, and then
using it to launch attacks on others. Collecting passwords is a time-honored
hacker technique.
--Steve Bellovin