charlie@cca.UUCP (06/24/83)
I would like to comment on attitudes towards people who try to break through security schemes on UN*X and other shared computers. Most writers seem to regard these people as either evil or mis-guided and a detriment to mankind. People exhort hackers to avoid the first step towards that path to crime. I find this attitude fundamentally wrongheaded. Honest hackers are an important resource. They find security holes before criminals do so they can be fixed. System designers invest only as much effort in security as they have to. Security holes should be kept secret only to allow systems people time to fill them; not so they can avoid it. My experience is on DTSS (Dartmouth Time Sharing System). It was developed in an environment where attempts to break security were encouraged. Good hackers were folk heroes. The system as developed was very secure; it had to be, or it wouldn't be useable. Hackers should be particularly tolerable in a university environment. The hackers themselves are learning about computer systems, and other users are learning the insecure operating systems shouldn't be counted on to provide a secure environment. Hackers are the adversaries of those trying to maintain system security, but not the enemies. Think of them as the vaccine that prevents a far worse disease.
rlh@purdue.ARPA (06/24/83)
From: Richard L Hyde <rlh@purdue.ARPA> I agree with those who suggest that a hacker trying to break into systems is not always a bad thing. For a operating systems class I was the TA for a few years ago the first assignment was to get as many passwords and proofs of entry into the system as you could. This was a very eye opening assignment and taught alot about security. It also help me close alot of security holes because the class had to describe what they did to get credit. There was, of course, the rule that anyone who damaged or destroyed anything would FAIL the course and as a side effect not get their degree. Richard L. Hyde rlh@purdue PS This was done before I came to Purdue. ----------