[comp.misc] Security

rcb@rti.UUCP (Randy Buckland) (06/29/87)

I have been watching all the debate over the hacker scholarship and I would
like to make a quick survey about security in general.

	1. Who has managed or worked seriously on a system that has had a
		break-in? This does not mean a university system where a
		student there got a password he should not have. I mean
		a system where someone outside the business/university
		who had no business on the system at all got in. 

			a) How did he/she get in?
			b) Did they do any damage or just use/play with the
				system?
	
	2. How do you feel about hackers? (pick one)
		a) Credit to the industry, freedom fighters, security testers?
		b) Minor annoyance that can be handled with simple precautions
		c) Major annoyance that takes a lot of time and effort to
			control.
		d) Serious problem, need strong laws, shoot the lot of them.

Now for some terms to be defined.

	hacker - Let's just stick to the definition of someone trying to break
		into a system where they should not be.
	
	system - Multiuser computer system with serious information on it
		pdp-11/vax power or higher. Has things like bank data,
		company data, researchers programs, etc. (things that
		would take a lot of effort to replace if damaged.)

-- 
					Randy Buckland
					Research Triangle Institute
					rcb@rti.rti.org [128.109.139.2]
					{decvax,ihnp4,seismo}!mcnc!rti-sel!rcb

ken@argus.UUCP (Kenneth Ng) (06/30/87)

In article <1517@rti.UUCP>, rcb@rti.UUCP (Randy Buckland) writes:
> 	hacker - Let's just stick to the definition of someone trying to break
> 		into a system where they should not be.
> 					Randy Buckland

I for one do not agree with this definition at all. Read Steve Levy's
"Hackers" for a good definition of one.


... This signature was put in in a way to bypass the 
... bogus artificial line limit on the .signature file.
... Also, by its length it adds fodder to help avoid having
... my followups being bounced due to the restriction on
... followup articles.

Kenneth Ng: Post office: NJIT - CCCC, Newark New Jersey  07102
uucp !ihnp4!allegra!bellcore!argus!ken *** NOT ken@bellcore.uucp ***
bitnet(preferred) ken@orion.bitnet

rcb@rti.UUCP (06/30/87)

In article <928@argus.UUCP> ken@argus.UUCP (Kenneth Ng) writes:
>In article <1517@rti.UUCP>, rcb@rti.UUCP (Randy Buckland) writes:
>> 	hacker - Let's just stick to the definition of someone trying to break
>> 		into a system where they should not be.
>> 					Randy Buckland
>
>I for one do not agree with this definition at all. Read Steve Levy's
>"Hackers" for a good definition of one.
>

I ALSO do not agree with the above as the definition of the term. It is however
one common usage for the term and since that is the usage that was being
discussed, the term seemed logical. If you wish, use any term you like
cracker, breaker, scumbag, whatever. I thought I was reasonably clear that
these were the type of people being discussed and the term is commonly used
for them (as well as other uses).
-- 
					Randy Buckland
					Research Triangle Institute
					rcb@rti.rti.org [128.109.139.2]
					{decvax,ihnp4,seismo}!mcnc!rti-sel!rcb

peter@sugar.UUCP (Peter DaSilva) (07/02/87)

1. No.

2. b.
	Most can be handled by keeping passwords secret.
	There are several systems (PRIMOS, for example) where you can
	get in without a password by means of some chicanery at
	login. These systems should be identified and avoided.

> Now for some terms to be defined.
> 
> 	hacker - Let's just stick to the definition of someone trying to break
> 		into a system where they should not be.

Let's not, because otherwise you're going to alienate a lot of old-time
hackers on the network who get, uh, hacked off at people who should know
better supporting the idiot-media use of the term. Cracker should be
understood by most netfolk by now.
-- 
-- Peter da Silva `-_-' ...!seismo!soma!uhnix1!sugar!peter (I said, NO PHOTOS!)

mwm@eris.BERKELEY.EDU (Mike (My watch has windows) Meyer) (07/04/87)

In article <1517@rti.UUCP> rcb@rti.UUCP (Randy Buckland) writes:
<I have been watching all the debate over the hacker scholarship and I would
<like to make a quick survey about security in general.

Not a bad idea; I just think the survey is slightly broken. Let's hack [*]
on it some....

<	1. Who has managed or worked seriously on a system that has had a

Good question. You left room for all the possible answers. You might
have provided multiple choice for the common cases, though.

<	2. How do you feel about hackers? (pick one)
<		a) Credit to the industry, freedom fighters, security testers?
<		b) Minor annoyance that can be handled with simple precautions
<		c) Major annoyance that takes a lot of time and effort to
<			control.
<		d) Serious problem, need strong laws, shoot the lot of them.

How about "other - describe?" I don't think any of the answers is
correct.

You're also missing some important questions, like:

	N. What kind of data do you store on your system(s)?
		a) nothing important
		<some other selections>
		x) data that is vital to one or more human lives
		next(x)) other - describe

	next(N). What type of security do you feel is appropriate for
			your data?
		a) None.
		b) None, the law should prevent it from being harmed.
		<etc>
		x) It should never appear anywhere that it could cause
			radiation, or on any permanent storage media, in
			unencrypted form.
		next(x)) other - describe.


<Now for some terms to be defined.

And here's where I think you went really wrong.

<	hacker - Let's just stick to the definition of someone trying to break
<		into a system where they should not be.

That's the definition in common use, as opposed to the meaning
attached by the people who first applied the term to computer types.
It seriously devalues the term, and "cracker" or something similar
should be used instead. Like trademarks and ethnic stereotypes,
allowing such misuse to pass eventually leads to it being accepted as
normal and correct. So it should be corrected at every occurrence.

<	system - Multiuser computer system with serious information on it
<		pdp-11/vax power or higher. Has things like bank data,
<		company data, researchers programs, etc. (things that
<		would take a lot of effort to replace if damaged.)

Power should be inconsequential. Especially since buying something new
with less CPU than a VAX 750 (your average MAC has as much cpu as a
750) is hard, and buying something new with less power than a VAX 730
is probably impossible.

Likewise, difficulty to replace and value are different things. The
contents of my mail archives (~20 Meg from the last year) would
probably be impossible to replace. Most of it is worthless, though.
I'm just a packrat. Similarly, almost any micro-based BBS system has a
non-trivial message database. Replacing it is probably impossible;
its value is probably close to zero.

You've also ignored an important aspect of online data. The amount of
damage done if it's missing may be significantly less than the amount
done if it's changed. I can see it now "Gee, Joe has had every loan
payment in on time. Why don't I make that 'late' instead of 'on
time?'"

This is why you need questions covering the value of the data on the
systems. Leave that aspect out, and just look at users. I'd suggest
something like:

	system - A computer system that supports multiple users (not
		necessarily simultaneously), tries to verify the
		identity of the users, and provides at least the
		illusion of allowing one user to protect their data
		from other users.

In other words, a system is anything that has some "security" that can
be cracked.

	<mike
--
I'm gonna lasso you with my rubberband lazer,		Mike Meyer
Pull you closer to me, and look right to the moon.	mwm@berkeley.edu
Ride side by side when worlds collide,			ucbvax!mwm
And slip into the Martian tide.				mwm@ucbjade.BITNET

mwm@eris.BERKELEY.EDU (Mike (My watch has windows) Meyer) (07/04/87)

In article <4245@jade.BERKELEY.EDU> I wrote:
<Not a bad idea; I just think the survey is slightly broken. Let's hack [*]
<on it some....

Sigh. After marking that usage for further comment, I forget to make
the further comment. Excuse me while my face turns back to its normal
pale white from the current nice shade of red.

That sentence demonstrates what I consider to be the correct
definition of the word hack: you've got something that doesn't do
quite what you want it to, so you @i{h} on it till it does what you
want. [The true hacker, of course, never decides that what they want
done can't be done :-].

	<mike

--
The handbrake penetrates your thigh.			Mike Meyer
A tear of petrol is in your eye.			mwm@berkeley.edu
Quick, let's make love before we die.			ucbvax!mwm
On warm leatherette.					mwm@ucbjade.BITNET

blarson@castor.usc.edu (Bob Larson) (07/05/87)

In article <353@sugar.UUCP> peter@sugar.uucp writes:
>	There are several systems (PRIMOS, for example) where you can
>	get in without a password by means of some chicanery at
>	login.

Huh what?  Not any version of primos I am familiar with, although
it may have been true prior to rev 19.0.  Do you also make accusations
about unix for bugs that existed in v6?

Rev 21.0 primos (currently in beta test) will have C2 security as an
option.  Not many unix vendors can supply C2 security.

I've got system administrator (==root) rights on the main prime systems
at USC, I will report the bug and get pressure put on to get the bug
fixed immediately if in fact it does exist.  Prime does tend to listen
to their multi-million dollar customers.  Please do inform me about this,
USC has a lot riding on the security of their Primes.
--
Bob Larson		Arpa: Blarson@Ecla.Usc.Edu
Uucp: {sdcrdcf,seismo!cit-vax}!oberon!castor!blarson
"How well do we use our freedom to choose the illusions we create?" -- Timbuk3

whitney@think.COM (David Whitney) (08/01/87)

In article <4245@jade.BERKELEY.EDU> mwm@eris.BERKELEY.EDU (Mike (My watch has windows) Meyer) writes:
>In article <1517@rti.UUCP> rcb@rti.UUCP (Randy Buckland) writes:
>
><	2. How do you feel about hackers? (pick one)
><		a) Credit to the industry, freedom fighters, security testers?
><		b) Minor annoyance that can be handled with simple precautions
><		c) Major annoyance that takes a lot of time and effort to
><			control.
><		d) Serious problem, need strong laws, shoot the lot of them.
>
>How about "other - describe?" I don't think any of the answers is
>correct.
>
>And here's where I think you went really wrong.
>
><	hacker - Let's just stick to the definition of someone trying to break
><		into a system where they should not be.
>
>That's the definition in common use, as opposed to the meaning
>attached by the people who first applied the term to computer types.
>It seriously devalues the term, and "cracker" or something similar
>should be used instead. Like trademarks and ethnic stereotypes,
>allowing such misuse to pass eventually leads to it being accepted as
>normal and correct. So it should be corrected at every occurrence.

Good. Now, define it as what?

I am a Hacker. I am not, however, someone who rudely invades a system and mucks
about. I am a Hacker in the sense of the original definition - one who likes to
program/design/use computers for the sheer fun of it. I have been a hacker
since 1980 or so. That's when I ported Star Trek from some old DEC to an
Apple ][plus. It took several weeks, but then, I was only 12.

Another discussion going on here is the matter of copy protection and whether
the absence of licensing agreement would cause the industry to be hurt. I say
"No!" because there are Hackers who will uncontrollably continue to supply the
market with something to use. Remember that software in the public domain, and
stuff written around and before 1980 was all Hacker stuff. It just appeared one
day, and everybody used it.

Those guys who invade systems aren't hackers, they're vandals or trespassers,
depending on what they do while using the system. Those guys who redistribute
copies of protected (or unprotected) software are pirates, not hackers.

David Whitney, MIT '90                     Still learning about my Apple //GS
{the known universe}!ihnp4!think!whitney   and all of its secrets. Any and all
whitney@think.com                          technical info appreciated.
DISCLAIMER: You didn't actually believe all that, did you?

peter@ficc.uu.net (Peter da Silva) (02/09/90)

> One might argue that the hardware-supported security mechanisms
> aren't really required, but the hardware support is precisely what is
> needed to protect against viruses efficiently (see comp.virus for
> discussions about hardware support to limit the capabilities of programs to
> modify other programs);

Also note that all the capabilities being talked about in comp.virus are
available in UNIX simply by making the chmod() system call super-user
only. The exotic protection scheme of Multics is what kept it from being
reasonably portable, remember.

Also note the point that all the code-protection goes out the window the
second you have an interpreted language... and you're back to depending on
the security of the language interpreter.
-- 
 _--_|\  Peter da Silva. +1 713 274 5180. <peter@ficc.uu.net>.
/      \
\_.--._/ Xenix Support -- it's not just a job, it's an adventure!
      v  "Have you hugged your wolf today?" `-_-'