alt%aids-unix@sri-unix.UUCP (06/19/83)
From: Howard Alt <alt@aids-unix> Some other comments that I forgot to make or that have been brought to my attention. 1) Usenet land will have to live without this mailing list. There can be no forwarding of this list to Usenet for the obvious reasons...(public spool directories, etc). 2) The usefulness of this list will be directly related to the care that each site takes in choosing the distribution. It is in the intrest of each site to take care that this stuff dosn't get out into public hands. 3) 4.1 has been around for a while, but when 4.2 comes along, I expect a whole pile of new and exciting ways to bring the machine to a halt will be discovered... I think this list will make its usefulness obvious when 4.2 comes out. 4) We need some way to verify the addresses at each site. I suppose this could be done through the "postmaster" (or "root") at each site since (presumably) it is handled by a responsible person. 5) Another way to do the distribution is the following: Have the postmaster or root send in a list of people at each site that should be on the list. Then, distribute the list, have people look over it, and comment on people they know to be "Badguys". Perhaps take a second look at people who refrence each other, or somthing like that. Hopefully, we can come up with a method. Perhaps through the Arpanet Liason, since that name is listed where all can read it and say "a real person". 6) I assume the mail between Arpanet and CSNET is not public access... correct? Please don't flame me about the "Insecurity of mailers", because I know. If someone has any better ideas or thoughts, bring them out into the open. Cheers, Howard.
SJOBRG.ANDY%MIT-OZ%mit-mc@sri-unix.UUCP (06/21/83)
This isn't a flame about the insecurity of mailers (even tho most of them are insecure and the ``bad guys'' know how to get into the queues). However, most sites have insecure @i(mailboxes). What about those sites? (for ex: when oz is on arpa, mailboxes are ftp'able out)
alt%aids-unix@sri-unix.UUCP (06/21/83)
From: Howard Alt <alt@aids-unix> Unforutnatly, the systems that are incredibly insecure must be excluded from the mailing list. Like (sorry), the ITS machines. I'm sure that there are others... Probably a good policy is only Unix machines. (boy am I going to hear about this one...) Howard.
SJOBRG.ANDY%MIT-OZ%mit-mc@sri-unix.UUCP (06/21/83)
From: Andrew Scott Beals <SJOBRG.ANDY%MIT-OZ@mit-mc>
yes, you're going to hear about that one...
Unfortunately, my only net access is via mit, and for some
strange reason (bullheadedness, no doubt), unix is treated
like a toy around here.. (sigh) therefore, all of their
arpa hosts are non-unix machines.
hmm... well, maybe the list could be distributed
to ANY host, but crypt and then uuencode the messages at your
own local host... at least this way, i can get the list,
>and< it's avail only to the pople with the key... (someone
would have to phone or snailmail the key to all of the list
recipients)...therefore, it is `more' secure...unless the
devious types at a site have crypt trojan-horsed to keep
records of keys... (heh heh)
-------FIGMO%usc-eclc@sri-unix.UUCP (06/21/83)
From: Lynn Gold <FIGMO@usc-eclc> Return-path: <@MIT-MC:unix-wizards-request@BRL-VGR> Received: from MIT-MC by USC-ECLC; Mon 20 Jun 83 18:44:18-PDT Received: From Brl.ARPA by BRL-VGR via smtp; 20 Jun 83 21:33 EDT Received: From Aids-Unix.ARPA by BRL via smtp; 20 Jun 83 21:27 EDT Date: 20 Jun 1983 18:22-PDT From: Howard Alt <alt@aids-unix> Subject: Re: More comments about UNIX Security. To: SJOBRG.ANDY@mit-oz, mit-mc@aids-unix MMDF-Warning: Parse error in preceeding line at BRL.ARPA Cc: unix-wizards@brl Message-Id: <83/06/20 1822.366@aids-unix> In-Reply-To: SJOBRG.ANDY%MIT-OZ's message of Mon, 20 Jun 1983 1954 EDT Unforutnatly, the systems that are incredibly insecure must be excluded from the mailing list. Like (sorry), the ITS machines. I'm sure that there are others... Probably a good policy is only Unix machines. (boy am I going to hear about this one...) Howard. ************* You're right (not your idea, but that you're going to hear about this one). What makes you think that Unix is any more secure than any other operating system? Yeah, the ITS machines are insecure, but 1) There are those of us who have our "ARPAnet junk mail" sent to an ITS site, from which it is forwarded to a more secure site. I do this because when my system is off the air for one reason or another (our ECU died Friday and won't be fixed till at least Thursday), I can manually re- route the forwarding to another mailbox where I can answer it without it bouncing back like crazy. As for secure/insecure sites, TOPS-20 and Tenex sites are about as secure as Unix sites. Much of how secure a site is has to do with how it's run. If you have a site on which everybody's mother, brother and sister and pet rock has every available priviledge known to mankind, your site is likely to be less secure than one with a limited number of privileged users. --Lynn -------
greep%su-dsn@sri-unix.UUCP (06/21/83)
I like the idea of encrypting these messages. Among other things, then we can apply the recent discussion about password selection to key selection, e.g. should encryption keys like "unix-wreckers" spelled sideways be disallowed. One problem would be if something happens to encrypt to the string "From" at the beginning of a line, and some losing mail system changes it to ">From". Of course, another way to look at it is that the list will be so successful that soon all the holes will be plugged and there won't be any harm to letting randoms see the messages, which will consist only of congratulatory commendations on doing such a spendid job of fixing everything. With all the wizards around, this should happen in a jiffy (or by the time we all have unix running on our pocket calculators, at which time the issue will become moot since shared systems will have become obsolete).
smh@mit-eddi.UUCP (Steven M. Haflich) (06/25/83)
OS security is such a challenging intellectual problem (like chess) that its public discussion ought to be justified for that reason alone! More practically, everyone on the net should realize that it is almost impossible to restrict information flow. Three people can keep a secret if two of them are dead, as the old saying goes. One wizard at a site receives the security mailing, properly passes it on to other wizards, but all it takes then is for one of them to leak the info innocently of not to unauthorized readers. (E.g., I have friends at a university site, out of state and not on the net, who could reasonably qualify for distribution. What if I innocently pass the stuff onto them, but they incorrectly understand the need for security.) If you want to discuss security issues, best to do it in public. At the very least, assume the discussion IS public, despite best efforts to the contrary.