Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 6/24/83; site cithep.UucP Path: utzoo!watmath!clyde!burl!ulysses!allegra!princeton!astrovax!cithep!tim From: tim@cithep.UucP (Tim Smith ) Newsgroups: net.followup Subject: Re: Hackers and others take note Message-ID: <62@cithep.UucP> Date: Sat, 15-Dec-84 00:40:29 EST Article-I.D.: cithep.62 Posted: Sat Dec 15 00:40:29 1984 Date-Received: Sun, 16-Dec-84 05:05:57 EST References: <410@gitpyr.UUCP>, <336@stcvax.UUCP> Organization: Caltech HEP, Pasadena, CA Lines: 45 >> On another note, among all those security breakers will probably come a >> few who will grow up and make computer security a lot more real than it >> is now. I don't believe the FBI should crack down so hard on these people. >> The problem ought to be solved from the other end, the computer end. >> Don't lock the people up after the damage is done, prevent the damage from >> being done in the first place. > >It's pretty much taken for granted that professional thieves can break >into cars or homes in a matter of minutes, burglar system or not. >Apply your logic to this similar situation (and it is similar). How >expensive of an alarm system should I have to spend to protect my home >and property from common thieves? Shouldn't we be lenient on them >so that they can later advise the law enforcement and burglar alarm >people on how to prevent them from breaking in? Yes, a professional thief can probably get around any burglar alarm that I can afford. But very few thieves can get around the alarms that a bank can afford. And even fewer can get into, say, Fort Knox. So I will keep my valubles in a bank. Now look at what a computer thief faces. Consider TRW's credit card system. From what has appeared in the news, it seems that no great skill is involved in breaking this system. Look guys, If I put all my money in an envelope, and stick it on my front door, with a sign that says "MONEY -- TAKE ME!!!!" on it, it's going to get stolen! Any big company ( And TRW is big, aren't they? ), should be able to afford some reasonable computer security. It should at least require the skills of an expert computer theif to break into a big companies system, dammit! Here at cithep, we have a machine running VMS. It talks to some sort of network with about 100 VMS machine on it. We spent an afternoon once connecting to these machines and typeing "SYSTEM" at the "Username:" prompt, and "MANAGER" at the "Password:" prompt. Guess how many systems we got into? ~20. ( this is from memory, so don't quote me... ) By the way, have any of you people out there on the net tried, or do you know anybody who has tried, to get into the TRW system. Did you make it? Was it as easy as the newspapers imply that it is? Maybe if somebody mailed to all the members of Congress their credit card numbers, we would see some pressure on TRW to get some better security! :-) -- Tim Smith ihnp4!cithep!tim or ihnp4!wlbr!callan!tim