mem@zinn.MV.COM (Mark E. Mallett) (06/20/91)
In article <1991Jun18.055812.29986@bellcore.bellcore.com> karn@thumper.bellcore.com writes: >In article <1991Jun18.050402.19338@murdoch.acc.Virginia.EDU>, gsh7w@astsun7.astro.Virginia.EDU (Greg Hennessy) writes: >|> Michael A. Covington writes: >|> #Honest people do not go around picking the locks on people's houses or >|> #cars, not even "to test security." I see no reason why the ethics of >|> #computers should be any different. >|> >|> Richard Feinmann did. > >He certainly did -- except that he went after office safes at Los >Alamos during the Manhattan project. He relates quite clearly in his >book "Surely You're Joking Mr. Feynmann" what happened when he tried >to report his safecracking successes to the powers that be so that >something could be done to tighten security. Interesting that I'm not the only person to be reminded by recent threads here of Feynman's lock-picking stories (I mentioned it in another thread the other day). In the chapter, "Safecracker Meets Safecracker," which I just finished re-reading to make sure I remembered it correctly, Feynman provides many anecdotes of his lock-picking exploits. While he mentioned reporting security problems at least twice (one of which more to get under somebody's skin than to really report a problem), most of his stories tell of picking locks just to satisfy his own curiousity and mischievous nature. It's very interesting to compare some of the human failures that he notes in combination locks to those of password protection for computers. They're very much the same. People writing down combinations and putting them in a desk drawer; choosing easily-guessable combinations; leaving locks in a state wherein the combination can be more easily discovered. When he found out that one bigwig brought in a big safe and never changed the combination from the factory setting, he went around trying factory settings on various other safes -- and found that it opened one out of five. (Very good book to read, if you haven't.) -mm- -- Mark E. Mallett Zinn Computer Co/ PO Box 4188/ Manchester NH/ 03103 Bus. Phone: 603 645 5069 Home: 603 424 8129 BIX: mmallett uucp: mem@zinn.MV.COM ( ...{decvax|elrond|harvard}!zinn!mem ) Northern MA and Southern NH consultants: Ask (in mail!) about MV.COM