The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #078 [Re: virus litigation] (1 message, 654 bytes)
NOTICE: recognises the rights of all third-party works.


From: comer (Douglas Comer)
To: phage
Date: Sun 07:59:21 06/11/1988 EST
Subject: Re: virus litigation
References: [Thread Prev: 077] [Thread Next: 090] [Message Prev: 075] [Message Next: 079]

My response, briefly:
1) This is a problem with an implementation of UNIX. It is *not* an Internet
2) The proper way to report security problems is to contact the appropriate
   authorities, not to exploit the holes.  (a person isn't innocent of bank
   robbery just because he tells the judge, "I didn't really use the money --
   I just wanted to show how bad the locks were.")
3) Using just rsh and cracking passwords, one could infiltrate almost all
   machines at Purdue and at least three other sites, and we certainly do
   *not* want to turn off rsh.  So let's not argue that all "holes" that this
   program exploits are an invitation for misuse  (an analogy: even if I leave
   my office door open, ransacking my office is still unethical/illegal.