Bugtraq mailing list archives
The ISS Program
From: PAUL () tdr com (Paul Robinson)
Date: Tue, 10 May 1994 22:54:15 -0400 (EDT)
From: Paul Robinson <PAUL () TDR COM>
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA
-----
A program of the type as ISS is probably okay at the price indicated of $3,000. But for a security package of this type to be provided without source is a dangerous proposition. If it was from the hardware manufacturer this would be a different story - and I note that even IBM is taking a lot of flak from its customers by going to OCO (Object code only) for a number of products on its mainframes.

I will also note that the systems that became the most bulletproof and hardened against attacks are the ones where the people who ran the systems were issued full sources to their systems, sufficient to allow them to recompile them if desired. By the time the PDP-11 was obsolete, the RSTS/E system was well-nigh bulletproof. In many cases, the administrators on these systems were teenagers and college students who had lots of time to find holes in the system.

Which brings up an issue of how to stop crackers. Robert Heinlein, in his book, "Starship Troopers" raises the issue of what to do to prevent insurrection. "If you make the wolves the guardians of the sheep, it will turn them into sheep dogs." When you've already got more privileges than God, you don't have to try to break into the system in order to get them. Once you have them, you generally then are of the mindset to want to keep them.

This is why turning public housing over so it can be owned by its residents substantially reduces vandalism. People don't trash what is theirs.

---
Paul Robinson - Paul () TDR COM
Voted "Largest Polluter of the (IETF) list" by Randy Bush <randy () psg com>
-----
The following Automatic Fortune Cookie was selected only for this message:

Fakir, n: A psychologist whose charismatic data have inspired almost religious devotion in his followers, even though the sources seem to have shinnied up a rope and vanished.