Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site cithep.UucP
Path: utzoo!watmath!clyde!burl!ulysses!allegra!princeton!astrovax!cithep!tim
From: tim@cithep.UucP (Tim Smith )
Newsgroups: net.followup
Subject: Re: Hackers and others take note
Message-ID: <62@cithep.UucP>
Date: Sat, 15-Dec-84 00:40:29 EST
Article-I.D.: cithep.62
Posted: Sat Dec 15 00:40:29 1984
Date-Received: Sun, 16-Dec-84 05:05:57 EST
References: <410@gitpyr.UUCP>, <336@stcvax.UUCP>
Organization: Caltech HEP, Pasadena, CA
Lines: 45

>> On another note, among all those security breakers will probably come a
>> few who will grow up and make computer security a lot more real than it
>> is now.  I don't believe the FBI should crack down so hard on these people.
>> The problem ought to be solved from the other end, the computer end.
>> Don't lock the people up after the damage is done, prevent the damage from
>> being done in the first place.
>
>It's pretty much taken for granted that professional thieves can break
>into cars or homes in a matter of minutes, burglar system or not.
>Apply your logic to this similar situation (and it is similar).  How
>expensive of an alarm system should I have to spend to protect my home
>and property from common thieves?  Shouldn't we be lenient on them
>so that they can later advise the law enforcement and burglar alarm
>people on how to prevent them from breaking in?

Yes, a professional thief can probably get around any burglar alarm that
I can afford.  But very few thieves can get around the alarms that a bank
can afford.  And even fewer can get into, say, Fort Knox.  So I will keep
my valubles in a bank.

Now look at what a computer thief faces.  Consider TRW's credit card
system.  From what has appeared in the news, it seems that no great
skill is involved in breaking this system.  Look guys, If I put all
my money in an envelope, and stick it on my front door, with a sign
that says "MONEY -- TAKE ME!!!!" on it, it's going to get stolen!

Any big company ( And TRW is big, aren't they? ), should be able
to afford some reasonable computer security.  It should at least
require the skills of an expert computer theif to break into
a big companies system, dammit!

Here at cithep, we have a machine running VMS.  It talks to some sort
of network with about 100 VMS machine on it.  We spent an afternoon
once connecting to these machines and typeing "SYSTEM" at the "Username:"
prompt, and "MANAGER" at the "Password:" prompt.  Guess how many systems
we got into?  ~20.  ( this is from memory, so don't quote me... ) 

By the way, have any of you people out there on the net tried, or do
you know anybody who has tried, to get into the TRW system.  Did you
make it?  Was it as easy as the newspapers imply that it is?

Maybe if somebody mailed to all the members of Congress their credit card
numbers, we would see some pressure on TRW to get some better security! :-)
-- 
Tim Smith		ihnp4!cithep!tim  or  ihnp4!wlbr!callan!tim