Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site bnl.UUCP
Path: utzoo!watmath!clyde!bonnie!akgua!mcnc!philabs!sbcs!bnl!jpm
From: jpm@bnl.UUCP (John McNamee)
Newsgroups: net.followup
Subject: Re: Hackers and others take note
Message-ID: <817@bnl.UUCP>
Date: Sat, 8-Dec-84 01:02:48 EST
Article-I.D.: bnl.817
Posted: Sat Dec 8 01:02:48 1984
Date-Received: Thu, 13-Dec-84 01:36:12 EST
References: <2612@dartvax.UUCP>
Distribution: net
Lines: 38

It has all been said before, but since it has been brought up again, here I go...

Fascist laws to protect computer systems from break-ins do not solve any problems. At best they give computer owners a false sense of security. If you are going to put your computer on a public network then you best secure it. That means using dialback units if you can, and at the least changing passwords often.

TRW should be sued for gross criminal negligence for the way they handle their security. Printing a password on the credit report is just plain stupid. I know they cut that out a few months back, but have they changed every password since then? I doubt it. Do they change all passwords regularly? I doubt it. Do they use encryption? No. What do these people do to safeguard their data? Nothing as far as I can tell.

I don't see phreak BBS's as the big problem that many others do. They only distribute information, they don't generate it. I'm not saying they shouldn't be shut down (I'm all for it), but that doing so is attacking a symptom rather than the real problem. You won't make security problems go away by closing all the phreak boards. The insecure systems are still out there, and the next batch of kids will break into them and start new phreak boards.

I think a solution is to give computer owners an incentive to patch their holes. I'm not a lawyer, but I know there is a principle of "mitigation of damage" that is often applied in civil suits. The idea is that if you want to claim you have been damaged, you have to show that you tried to reduce the damage done. This same principle should be applied when a computer has been broken into. If somebody was able to log in to account "guest" with a password of "guest" then the system manager didn't do their job of making the system secure. "Attractive nuisance" laws could even be applied in cases such as this. As far as I'm concerned, if the system owner cared so little about security that obvious logins were available then he has very little right to complain when somebody breaks in.

--
John McNamee
..!decvax!philabs!sbcs!bnl!jpm
jpm@Bnl.Arpa