Publicizing Security Issues
Al Filipski
al at mot.UUCP
Sat Mar 2 04:53:24 AEST 1985
A co-worker and I here have written a paper on "UNIX Security".
We describe the security features of UNIX, the most well-known
ways of breaking in, and countermeasures to be taken against
those who try to break in. The article is similar to the BSTJ
article which appeared just after we had written ours. We submitted
our article to a major popular computer magazine. The editor is
uncertain about possible legal liability should anyone use information
in the article towards illegal ends. I do not know at this point if
it will be published or not. I'd like to poll the wizards on this point:
Is free circulation of this kind of information a good or bad thing?
I tend to belong to the free-speech school that says that
dissemination of knowledge is a good thing and will strengthen UNIX
security in the long run. For one thing, a problem stands a much
better chance of being fixed if it is well-known. Second, with
the proliferation of UNIX, there are a great many inexperienced
administrators out there who are sitting ducks. They are often not
hackers themselves and are at a disadvantage against people
who have taken the time and energy to learn security by poking
around themselves.
Experiences, opinions, facts, arguments, flames, etc. are requested
via mail and will be summarized.
--------------------------------
Alan Filipski, UNIX group, Motorola Microsystems, Tempe, AZ U.S.A
{allegra | ihnp4 } ! sftig ! mot ! al
{seismo | ihnp4 } ! ut-sally ! oakhill ! mot ! al
--------------------------------
If not now - whom? If not me - when?
More information about the Comp.unix
mailing list