Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!linus!genrad!mit-eddi!mit-vax!eagle!harpo!seismo!hao!hplabs!sri-unix!edhall@rand-unix
From: edhall%rand-unix@sri-unix.UUCP
Newsgroups: net.unix-wizards
Subject: Re: a thought about UNIX login security
Message-ID: <2284@sri-arpa.UUCP>
Date: Fri, 17-Jun-83 19:59:00 EDT
Article-I.D.: sri-arpa.2284
Posted: Fri Jun 17 19:59:00 1983
Date-Received: Sun, 19-Jun-83 17:29:13 EDT
Lines: 29

As the former system manager of a campus UNIX system, I am well
aware of many of UNIX's security holes.  Students (and sometimes others)
seem to have a knack for discovering these, and often exploit them
when they do.

Some of these people of dubious morals read UNIX-WIZARDS.  They might
see a paper copy of it circulated around the computer center, or even
have a legitimate entry on the mailing list.

I'm certain that at a half-dozen places across the country someone
is now creating a program to search the UNIX word list for a password.
Maybe they'll get caught, or their program will be killed when it's
discovered using up so much CPU.  But a weekend would be all it takes,
and perhaps on a `borrowed' account.

I hope the message is clear.  As much as I'd like to be able to discuss
security issues on UNIX-WIZARDS, I'm afraid doing so can do as much harm
as good.

But everyone who reads UNIX-WIZARDS knows better than to use a trivial
password, right?  Especially system administrators...  Let's hope that
chance that everyone has realized that an 8-letter password can easily
be less secure than 3 random characters.

Excuse the flame; there have been several chances for me to comment on
this in the past.  Some recent sad events on my `old' system inspired
me to write now.

		-Ed