Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10 beta 3/9/83; site mot.UUCP Path: utzoo!watmath!clyde!burl!ulysses!allegra!bellcore!decvax!genrad!panda!talcott!harvard!seismo!ut-sally!oakhill!mot!al From: al@mot.UUCP (Al Filipski) Newsgroups: net.unix,net.crypt,net.unix-wizards Subject: Publicizing Security Issues Message-ID: <115@mot.UUCP> Date: Fri, 1-Mar-85 13:53:24 EST Article-I.D.: mot.115 Posted: Fri Mar 1 13:53:24 1985 Date-Received: Tue, 5-Mar-85 02:05:31 EST Organization: Motorola Microsystems, Phoenix AZ Lines: 30 Xref: watmath net.unix:3820 net.crypt:298 net.unix-wizards:12291 A co-worker and I here have written a paper on "UNIX Security". We describe the security features of UNIX, the most well-known ways of breaking in, and countermeasures to be taken against those who try to break in. The article is similar to the BSTJ article which appeared just after we had written ours. We submitted our article to a major popular computer magazine. The editor is uncertain about possible legal liability should anyone use information in the article towards illegal ends. I do not know at this point if it will be published or not. I'd like to poll the wizards on this point: Is free circulation of this kind of information a good or bad thing? I tend to belong to the free-speech school that says that dissemination of knowledge is a good thing and will strengthen UNIX security in the long run. For one thing, a problem stands a much better chance of being fixed if it is well-known. Second, with the proliferation of UNIX, there are a great many inexperienced administrators out there who are sitting ducks. They are often not hackers themselves and are at a disadvantage against people who have taken the time and energy to learn security by poking around themselves. Experiences, opinions, facts, arguments, flames, etc. are requested via mail and will be summarized. -------------------------------- Alan Filipski, UNIX group, Motorola Microsystems, Tempe, AZ U.S.A {allegra | ihnp4 } ! sftig ! mot ! al {seismo | ihnp4 } ! ut-sally ! oakhill ! mot ! al -------------------------------- If not now - whom? If not me - when?