mhw@wittsend.UUCP (Michael H. Warfield (Mike)) (11/17/88)
I am posting this to multiple groups because there are discussion threads
in most of them on the same topic and seemingly oblivious to each other. The
topic, of course, is the hot one of the day, SECURITY. As best I can figure
out, there are two security lists announced in news.sysadmin. The groups
in comp.what-ever are unaware of these groups and are asking me for information
on how to join them. The various discusions interrelate but seem to be going
off on different tangents. All would benefit from a co-ordinated discussion.
I have heard all the reasons for "not" forming a comp.security group (some
are valid, most are bullsh*t). I agree with the principles behind the two
mailing lists having different validation levels.
Proposal:
1) Create comp.security for INTELLIGENT discussion of REASONABLE security
issues. i.e. - no articles of the "I found this and I can't fix it" sort.
Assume that you don't broadcast sensitive information on an unsecure channel!
That's what the two mailing lists should be for and we are supposed to be
semi-intelligent individuals.
2) Administrators for the two mailing lists in news.sysadmin
- Please cross post to:
comp.protocols.tcp-ip
comp.unix.questions
comp.unix.wizards
Cross posting doesn't cost that terribly much and you have a large
legitimite clientele there.
3) Posters - same thing as 2
Security issues cross many topic boundries. They apply not only to
sysadmins or to unix or to wizards and certainly affect more than tcpip. Until
we have a central spot to discuss these issues, make sure your articles get to
the people who can benefit by them.
Security is being discussed right now on many of these groups.
Creating a new group will not compromise the integrity of the discussions any
more than where they are taking place right now. If some of you are still
antsey about a group airing security issues then MODERATE the damn thing but
let's get the show on the road. Let's vote on a new group and whether it
should be moderated. We can discuss what is appropriate for the group and
for the two mailing lists IN THE NEW GROUP. BUT LET'S VOTE!
Finally, if we can move the security issues to their own group, we will
not only get the information in one spot and treat it uniformly, but we
might even cut down on the NOISE level in the other groups so all of us can
get back to the non-security topics in those groups. It's getting harder
to see the forest through the brush in some spots!
If no one else wants to stick their head above the barricades, then I'll
tally. Send me the votes. I ain't fansey. I don't have anything on hand
to do the job automatically. I'll count them by hand an post interesting ones
so EMAIL don't post unless you want to discuss. Anyone else rather handle it
then that's just fine too.
EMAIL:
if( domain_supported )
to = "mhw@wittsend.UUCP"
else
to = "...gatech!galbp!wittsend!mhw"
Thank You.
----
Michael H. Warfield (The Mad Wizard) | gatech.edu!galbp!wittsend!mhw
(404) 270-2123 / 270-2098 | mhw@wittsend.LBP.HARRIS.COM
An optimist believes we live in the best of all possible worlds.
A pessimist is sure of it!haynes@ucscc.UCSC.EDU (99700000) (11/17/88)
There is a misc.security already - don't believe there has been anything
in it for quite some time.
haynes@ucscc.ucsc.edu
haynes@ucscc.bitnet
..ucbvax!ucscc!haynes
"Any clod can have the facts, but having opinions is an Art."
Charles McCabe, San Francisco Chroniclecosell@bbn.com (Bernie Cosell) (11/17/88)
In article <5493@saturn.ucsc.edu> haynes@ucscc.UCSC.EDU (Jim Haynes) writes: }There is a misc.security already - don't believe there has been anything }in it for quite some time. Just so -- the call for comp.security is pretty much misguided. The problem with misc.security is that the moderator moved machines and, apparently, has not yet been able to reestablish connection to the news world, and so the list has been moderator-blocked for something like eight months now. There are, I'm quite sure, LOTS of postings backed up (I know for sure that hobbit is holding onto two or three of mine). Instead of rushing off to start a new newsgroup, why don't we just unmoderate misc.security and see how it works moving all of the security stuff OUT of the random newsgroups for a while. __ / ) Bernie Cosell /--< _ __ __ o _ BBN Sys & Tech, Cambridge, MA 02238 /___/_(<_/ (_/) )_(_(<_ cosell@bbn.com
mhw@wittsend.LBP.HARRIS.COM (Michael H. Warfield (Mike)) (11/18/88)
In article <32417@bbn.COM> cosell@BBN.COM (Bernie Cosell) writes: >Just so -- the call for comp.security is pretty much misguided. The problem >with misc.security is that the moderator moved machines and, apparently, has >not yet been able to reestablish connection to the news world, and so the >list has been moderator-blocked for something like eight months now. Well maybe slightly misguided? I may have jumped the gun a bit on calling for votes but apparently the "misc.security" group is not well known. Judging from the response I have gotten in over less than two days, there is considerable support for an unmoderated group devoted to "computer" security. The charter on misc.security (yes, NOW I'm finally doing my homework!) states that it is "security in general, not just computers". There is also the question of whether the moderator wants to deal with all this goo we have oozing through about a dozen other groups. The seems to be a demand for a place to go and bullsh*t about security (along the lines of who's likely to take out a contract on rtm) as well as a quiet place for serious discussions on real security issues (although these should probably be in the mailing lists when they real get going!). Lets face it folks. Not having a group does not mean the discussions and the bullsh*t won't take place. It just means it will probably take place in a group you're not reading or be in an article you skip because your interested in the other topics in the group (Subject lines arn't all that clear and I don't read everything). Arguements along the lines "well we really shouldn't be discussing this in the open" are (VOID)&NULL . The discussions are taking place RIGHT NOW and in most cases out of your sight! There is no way to stop them (even if all of us wanted to) or even control it. There are books in the bookstores RIGHT NOW with serious security issues covered. These are far more accessible to Joe Blow Hacker than our discussion groups! >Instead of rushing off to start a new newsgroup, why don't we just unmoderate >misc.security and see how it works moving all of the security stuff OUT of >the random newsgroups for a while. I agree completely. We need something rolling as quickly as possible. It seems like the most lasting damage rtm may have done is raising the noise levels in a dozen or so groups to astronomical levels (there are better ways to do this as a few past individuals have show us, but....). One way or another, let's get it all in one spot. Unmoderating misc.security may well be the answer, whose cage do we rattle? I'm out on UUCP so I've not had to deal with "the WORM" but I have had to deal with a few practical jokers getting into "galbp" (much worse for me, these clowns kept coming back for more). I have had to find out about a lot of this nonsense the hard way following serious security breaches. I have not lost a day and a half dealing with a slow down in my system, I have lost weeks in some cases preventing "ghost messages" appearing out of nowhere on my printers and in our mail. These guys even got on our system and were posting forgery USNET articles from galbp! I don't know if I plugged all their holes or if they finally got bored. I will never know and I have to assume that there is something I have missed or that I don't know about! I need to know what everybody else has had to deal with so I can prevent it on my system. You won't find me posting what they did to insert their more devious holes into my system or the stupid mistakes they made which let me I don't need "cookbook" cracking techniques but I haven't seen anyone discussing anything of that sort to date anyways. BTW) It has been pointed out to me by one individual that I should have had a "Followup-To: news.groups" specified in my original call for votes. Largely true and an oversight in my haste, my apologies to everyone. Please carry on the discussion ABOUT THE GROUP in news.groups. Part of my objective was to make some of the discussions aware of each other. That would not have involved a followup (till we get our own working group). Sorry if I tried to cover too much ground in one article (guilty here too I guess). As I said in my original posting, I am processing the votes by "hand". I have received some software for automating this to some extent. Please, if and when you vote, include the following in the "Subject:" line: "yes" If you want the group unconditionally. "no" If you don't want it under any circumstances. "moderated" If you only want it if it is moderated. "unmoderated" If you only want it if it is unmoderated. I will attempt to send out acknowledgements as soon as I can. Summaries will be mailed as well as posted. If you've already sent me a vote, don't worry, your counted. No need to send another. If I am failing to follow some guidlines that I haven't found yet or some unwritten rules please EMAIL them to me! I just run this show over here, I don't pretend to really understand it! Thanks --- Michael H. Warfield (The Mad Wizard) | gatech.edu!galbp!wittsend!mhw (404) 270-2123 / 270-2098 | mhw@wittsend.LBP.HARRIS.COM An optimist believes we live in the best of all possible worlds. A pessimist is sure of it!
trn@aplcomm.jhuapl.edu (Tony Nardo) (11/22/88)
In article <32417@bbn.COM> cosell@BBN.COM (Bernie Cosell) writes: >In article <5493@saturn.ucsc.edu> haynes@ucscc.UCSC.EDU (Jim Haynes) writes: >}There is a misc.security already - don't believe there has been anything >}in it for quite some time. > >[description of fact that misc.security moderator has been unable to reconnect > to news world for 8 months...] >Instead of rushing off to start a new newsgroup, why don't we just unmoderate >misc.security and see how it works moving all of the security stuff OUT of >the random newsgroups for a while. While I'm in favor of a system security group, I an *not* in favor of an unmoderated group. Moderation of the group would accomplish two positive goals: 1) help reduce S/N ratio, and 2) keep overly-descriptive articles from being posted. I can apprieciate the latter goal as a means of protecting the poster as well as the rest of the Usenet community. There are some people (myself included) who find it difficult to describe the solution to a problem without describing the problem itself in nit-picking detail. Perhaps we should form comp.security with a new moderator. I assume that we will be discussing *computer* security, not miscellaneous security issues. Note that the followup field is restricted to news.groups. =============================================================================== ARPA, BITNET: trn@aplcomm.jhuapl.edu UUCP: {backbone!}mimsy!aplcomm!trn 50% of my opinions are claimed by various federal, state and local governments. The other 50% are mine to dispense with as I see fit. ===============================================================================
allbery@ncoast.UUCP (Brandon S. Allbery) (11/24/88)
As quoted from <32417@bbn.COM> by cosell@bbn.com (Bernie Cosell): +--------------- | In article <5493@saturn.ucsc.edu> haynes@ucscc.UCSC.EDU (Jim Haynes) writes: | }There is a misc.security already - don't believe there has been anything | }in it for quite some time. | | Just so -- the call for comp.security is pretty much misguided. The problem | with misc.security is that the moderator moved machines and, apparently, has | not yet been able to reestablish connection to the news world, and so the | list has been moderator-blocked for something like eight months now. | | Instead of rushing off to start a new newsgroup, why don't we just unmoderate | misc.security and see how it works moving all of the security stuff OUT of | the random newsgroups for a while. +--------------- If people would prefer a moderated group, I'm willing to moderate it. (Although I hope someone with a little more free time is willing to volunteer instead.) ++Brandon -- Brandon S. Allbery, comp.sources.misc moderator and one admin of ncoast PA UN*X uunet!hal.cwru.edu!ncoast!allbery <PREFERRED!> ncoast!allbery@hal.cwru.edu allberyb@skybridge.sdi.cwru.edu <ALSO> allbery@uunet.uu.net comp.sources.misc is moving off ncoast -- please do NOT send submissions direct Send comp.sources.misc submissions to comp-sources-misc@<backbone>.