[net.misc] Magazine article on UNIX security

terryl@sri-unix (11/03/82)

     Sorry to drag this up again, but in the Oct. 1982 issue of Hardcopy
(a magazine rag that says it's the "Magazine of Digital(tm) Equipment
News"), there's a column called The UNIX(tm) Connection, basically a question/
answer type of column. One of the letters asks, and I repeat verbatim:

	"How can anyone believe that UNIX is a secure system after that big
security breach at Berkeley last spring?"

     I had to laugh at it, but the answer to the letter was almost as funny as the
letter itself. While the answer is too long to type in here, the gist of the
answer was programmable keys, and "UNIX, like any other decent operating system,
allows one user to write to a fellow user's terminal.....". Of course, everyone
out in netland knows what really happened, so I won't espouse on that here.
The last sentence in the answer was this, and this is what made me laugh so
much

	"(Those terminals have all been reprogrammed now.)"

     Reprogrammed to do what??? Is my alma mater doing nasty things to
terminals??? (Actually, I don't care what they're doing to terminals, it's just
that the last sentence has about as much meaning as.......).


				Never afraid to rotate my name,

				Terry Laskodi

trb (11/10/82)

No, no, Terry, you got it all wrong.  The terminals weren't reprogrammed,
that was a typo.  They were DEPROGRAMMED.  They had this responsible adult
come in and brainwash the terminals into decrying the nasty hacker cult
and promising never again to accept errant data.  Thanks to God those CRT's
are now productive members of society again.  Hallelujah.

	Andy Tannenbaum   Bell Labs  Whippany, NJ   (201) 386-6491

honey (11/10/82)

teklabs.1508 followup
actually, i did "reprogram" my hp 2621 and 2626 to defeat letter bombs, et al.
	peter honeyman

ucbvax:ARPAVAX:UNKNOWN:conde@sri-unix (11/10/82)

The only case of "reprogrammed" terminals that I am aware of is that
a certain group is buying what I would consider to be undesirable terminals
here so that the problem would not occur. Also, special ROM's may have
been burnt, but I am not sure.
					Dan Conde

mem (11/10/82)

c
I have no idea what happened at Berkeleleley.  

johnl (11/10/82)

The "Unix Connection" column is always a mother lode of half truths and
vague mumblings.  I never miss it.  Perhaps some of us net types should
volunteer to help Walter Zintz write it.

It's funny, though, at Princeton in 1970 when friends and I found a small
hole in TSS/360 that let you become any other user, just by writing some
little command scripts (no programs or terminals needed, it was a really
great bug) it never even made the local paper.  Bah.

John Levine, IECC, PO Box 349, Cambridge MA 02238; (617) 491-5451
decvax!yale-co!jrl, harpo!esquire!ima!johnl, ucbvax!cbosgd!ima!johnl (uucp)
Levine@YALE (Arpa).

mcdaniel (11/10/82)

uiucdcs!mcdaniel    Nov 10 12:34:00 1982

So sorry, but I don't know what happened. Would anyone care to post a brief
explanation?
                                  Tim McDaniel
                                  (. . . pur-ee!uiucdcs!mcdaniel)

bcw (11/13/82)

From:	Bruce C. Wright @ Duke University
Re:	Unix security

Probably the reason the hole in TSS/360 didn't even make the local paper
is because it wasn't really news:  nobody's surprised at holes in IBM
360 software (when one of the internal IBM design teams looked at MVS,
they thought of about 50-100 possible security holes in a relatively
short time - and I think just about *all* of them were there!).  They
are getting somewhat better (you can't crash the system by leaving out
a comma on the job card), but you certainly can't accuse the IBM systems
of any great level of security.

Which makes me think that maybe another oxymoron would be

computer system security		(maybe this has already been taken).

			Bruce C. Wright @ Duke University