Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!linus!philabs!seismo!harpo!decvax!cca!charlie From: charlie@cca.UUCP Newsgroups: net.unix-wizards Subject: Security in General Message-ID: <4991@cca.UUCP> Date: Thu, 23-Jun-83 18:27:04 EDT Article-I.D.: cca.4991 Posted: Thu Jun 23 18:27:04 1983 Date-Received: Fri, 24-Jun-83 15:27:31 EDT Lines: 24 I would like to comment on attitudes towards people who try to break through security schemes on UN*X and other shared computers. Most writers seem to regard these people as either evil or mis-guided and a detriment to mankind. People exhort hackers to avoid the first step towards that path to crime. I find this attitude fundamentally wrongheaded. Honest hackers are an important resource. They find security holes before criminals do so they can be fixed. System designers invest only as much effort in security as they have to. Security holes should be kept secret only to allow systems people time to fill them; not so they can avoid it. My experience is on DTSS (Dartmouth Time Sharing System). It was developed in an environment where attempts to break security were encouraged. Good hackers were folk heroes. The system as developed was very secure; it had to be, or it wouldn't be useable. Hackers should be particularly tolerable in a university environment. The hackers themselves are learning about computer systems, and other users are learning the insecure operating systems shouldn't be counted on to provide a secure environment. Hackers are the adversaries of those trying to maintain system security, but not the enemies. Think of them as the vaccine that prevents a far worse disease.