manager@UMDHEP.BITNET (11/13/85)
Mr. Goldstein presents a very good point in his article about keeping dangerous information off the network. I find it useful to know about security holes and possible system crashers, but is it really necessary to post a short program whose sole purpose in life is to crash a VAX with no privileges needed? I think that it would have been sufficient to excerpt from the SPR without giving out enough information to actually write/run the program. Perhaps naivete would lead one to believe that the benefit of having the information available outweighs the associated costs, but if one system is crashed (maliciously or otherwise), that is more grief than the sum total of benefits to info-vax readers. I would not want to have my computer crashed because somebody thought it would be cute to run the program and 'see if it really works like they say it does', so I for one am disturbed that the program was posted.

I don't think that keeping these programs off the net is censorship. Rather, I think that the person who posts such a program is personally RESPONSIBLE if that program is used to crash a computer. Consider a loose analogy, which resembles this situation in the key points: If a particular country had a defensive system that seemed complete, but somebody found out a way for ANYONE to get around it, does (s)he need to (or even have the right to) write an article for a defense journal on the grounds that most of the people who read the journal should know that the problem exists? They're not merely indicating the existence of the problem by publishing the procedure that causes the problem. They are actually promoting and compounding the problem.

Please, if you find a security loophole, or you figure out a truly unique way of crashing the system, please don't tell anybody except DEC! I can be content just to read a summary of the problem.

On the converse, though, if you do find out about a security loophole, it is good to let info-vax readers know what to watch out for (and YES, sometimes this may be hard to do except by giving the trick away. There ARE exceptions, though).

Todd Aven
Softwear Sweatshop, High Energy Physics
University of Maryland
manager@umdhep.bitnet
manager%umdhep.bitnet@umd2.arpa