**************************************************************************** >C O M P U T E R U N D E R G R O U N D< >D I G E S T< *** Volume 1, Issue #1.09 (May 16, 1990) ** **************************************************************************** MODERATORS: Jim Thomas / Gordon Meyer REPLY TO: TK0JUT2@NIU.bitnet COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. -------------------------------------------------------------------- DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections. -------------------------------------------------------------------- *************************************************************** *** Computer Underground Digest Issue #1.09 / File 2 of 6 *** *************************************************************** To: tk0jut2 Subject: passwordless account argument in alt.security Date: Sun, 13 May 90 02:54:18 -0500 From: Richard Duffy There is currently a thought-provoking, ongoing argument raging in the Usenet group alt.security, concerning a user at St. Olaf College who deliberately maintains a null password on one of his accounts there. That newsgroup has been engaged in a detailed, continuing discussion of Unix security issues, especially concerning policies about user passwords (forcing users to change them regularly, forcing them to choose from a software-generated list of choices, etc. etc.) and the associated ideas about the general need for security measures. The user in question, Peter Seebach, takes the provocative but firmly held position that Unix is so insecure anyway that there's not even a point in having passwords for user accounts. He advertised in this highly public forum (Usenet) the fact that his own account lacks one, and a major flame-war has ensued, partly precipitated by the fact that someone, possibly a reader of his public admission, promptly logged in to Peter's account and gave it a password, thus temporarily locking him out of his own account. The resulting verbiage has a lot of the usual puerile, vindictive, posturing qualities associated with Usenet flame-wars, but in spite of all that, some interesting points about "hackers," privacy, ethics and trust are beginning to make themselves discernible through all the noise. I highly recommend it to those of you with Usenet access, for a little mind-bending on some issues you might have thought you were already completely decided on. It's also rather entertaining! =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ + END THIS FILE + +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=  Downloaded From P-80 International Information Systems 304-744-2253 12yrs+