gypsy@silver.lcs.mit.edu (The Gypsy) (06/26/91)
I just wanted to put in my personal experience with COPS/security, etc...
I wrote Email to the sys admin at the site I was at stateing that I wanted
to run COPS a few times a week (without the password cracker/checker) and
then, if they liked, I would use my previously learned 'cracking' skills
to find holes and then IMMEDIATELY inform them of the problems.
You see, I _used_ to 'hack/crack/break' into systems all the time - I
was younger and thought it 'fun' and 'exciting' to do. I have since
quit doing that (just over 2 years ago actually) - and when the security
at the site I'm at was severely broken, I decided that maybe I could help.
The sys. admin was quite happy for me to do this - and said to look for
any flaws/holes I could find.
Since getting his permission (three days ago), I have uncovered two major
('major' meaning that they granted root-privs.) problems and he promptly
repaired them.
Just goes to show that with the right attitudes (of both the Sys Admin and
the end user) the two can work together in a positive manner.
--
/--------------------------------------------------------------------------\
\ The Gypsy gypsy@silver.lcs.mit.edu The Gypsy /
/ "Can I play with Madness?" - Iron Maiden \
\--------------------------------------------------------------------------/