ian@utcsstat.UUCP (Ian F. Darwin) (05/29/84)
From: rh@mit-eddie.UUCP (Randy Haskins) How would any of you people feel if (somehow, it doesn't matter how it happened...) the superuser password for your system appeared on one of these BBoards (along with dial-in numbers)? We still have a rash of children with TRaSh-80's calling up our DEC-20 trying to break in (fortunately, it's a little tougher than most people could manage). This started about January when some of our phone numbers appeared on a TRaSh-80 BBoard that someone locally was running. I would be justifiably upset, as you would. But I would be just as upset if my root password appeared in a world-readable file on *your* system. Or if my system operations password appeared in net.unix posted from *your* system. If (by your logic) the owner of a public-access bulletin board system should be held responsible for messages which appear on it, then perhaps *you* should be held responsible for what users put on your system. Aha - you don't like that idea? Neither do I, of course. The answer is that the person who steals the information and makes it public is the criminal, not the person who operates the media. As has been said, the post office is not responsible if criminals keep in touch by mail, nor the phone company if criminals plan a bank robbery by phone, nor the newspaper if kidnappers place coded messages in the personals section. By the way, not all of them are kids with TRS-80's. We had one with a Z80 (not all TRS-80's are Z80's) and a clever program break an instructor's password by encrypting an entire dictionary and finding accounts which had English-word passwords. If someone had managed to crack our system, they couldn't have done too much damage, just made a few people who were taking courses lose work, you know, little trivial things like that (extreme sarcasm mode). You and the rest of us. We're all vulnerable. If the data is important, don't keep it on a machine with dial-ups or a system reachable by networks. Period. Yeah, yeah, I know, we should make our system breakin proof. Well, it practically is, but I think it's just a bit annoying that these little BBoards can be used to spread information that probably shouldn't be spread. See comments above. The impulse to ``pass a law everytime something you don't like happens'' is so widespread that it is taken for granted, both in your country and mine. This impulse should be checked before we sink under a sea of laws (sarcasm mode - look at a law library today). Someone should be held responsible for the BBoard.... For the most part, the BBS operators are not supportive of system crackers. There are exceptions; if the BBS whose seizure started this brouhaha was in fact a system-crackers' BBS then perhaps shutting it down is a good thing. But don't use this as a generalization to close them all down. Toronto's reputable bulletin boards have already (without legislation or threat of it) taken steps such as controlling membership or requiring a code for access. The point of this is so that users will behave responsibly, or be cut off if they don't. There will always be ``pirates' cove'' type BBS's, which are underground. But if you want to have an open society (as I think most of us do), you have to tolerate other people's free speech, not all of which will be to your liking. And occasional criminals. But send the police after the criminals, not the computer operators. Ian F. Darwin, Toronto, Canada ihnp4!utcsstat!ian -- Ian Darwin, Toronto uucp: utcsstat!ian Arpa: decvax!utcsstat!ian@Berkeley