Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!linus!genrad!decvax!harpo!seismo!hao!hplabs!sri-unix!edhall@rand-unix From: edhall%rand-unix@sri-unix.UUCP Newsgroups: net.unix-wizards Subject: Re: The security of UNIX Message-ID: <2608@sri-arpa.UUCP> Date: Mon, 27-Jun-83 20:45:00 EDT Article-I.D.: sri-arpa.2608 Posted: Mon Jun 27 20:45:00 1983 Date-Received: Thu, 30-Jun-83 23:57:31 EDT Lines: 32 A simple parable: Foobar Home Development, Inc. builds a `status' housing tract. Although the locks Foobar put on the homes look secure enough, there exists a way to open any lock in seconds with simple household tools, and without making the entry obvious. Johnny Admins, a resident of the new tract, discovers the problem quite by accident. He decides to print up some flyers describing the problem and place them on the windshields of cars at a local shopping center. Did Johnny do the right thing? I think most people's answer would be `no'. And I propose that posting computer security holes to a semi-public computer bulletin-board, such as this, is equally as wrong. The argument that ``security breaches are going to happen anyway whether we disclose their techniques or not,'' doesn't work for me. And I further propose that the reason why most of the readers of this forum, myself included, don't think in these terms is that we are so involved in the technical details of computing that we have lost all contact with the moral implications of what we are doing. The attitude of a lot of computer- wise people I know is that ``if I can figure out a way of doing it, then it must be OK to do (when it involves a computer).'' * * * * * It would probably be best if this discussion moved from Unix-Wizards to a more appropriate forum. -Ed Hall