Mailing List Archive


Re: tlug: telnet: different question + others



>>>>> "Thomas" == Thomas O'Dowd <tom@example.com> writes:

    Thomas> All in the spirit of education... I think the post got so
    Thomas> many responses because it was an interesting technical
    Thomas> question about how to do something on a Linux box. There
    Thomas> was nothing malicious in any of the responses apart from

No, not malicious.  Just unthinking.  If you don't understand and
describe the security implications, then you may very well be doing
someone, possibly even the perpetrator, a severe disservice.

And not mentioning the ethical implications at all is unethical, to my
mind.

    Thomas> the side effect that if they were successful it might lead
    Thomas> to the attendance records going out of sync with reality.

False.  Some of the suggestions involved clear security breaches
(.rhosts, ssh access without passphrase on a semi-public terminal)
that could possibly be more broadly exploited.  (At the very least, an
intruder with the intent to break the real security on the University
net could almost surely exploit that script to mask their identity.
Remember, on a public access box everyone is root, there's no good way
to be sure that any file on it is secure.)

Certain more or less obvious extensions (e.g., an ssh tunnel opened from
the computer room to the student's dorm room, which I am willing to
bet is not prevented by the current security arrangements, being
familiar with my own University's policies) could easily be used to
completely bypass the security.

Until this evening I thought it would go without saying that that's
obviously unethical and quite probably illegal.  But I guess I'd
better be careful and point it out.  "Don't try this at home!"

    Thomas> But that is for the student to decide. Back in our day,
    Thomas> the lecturer handed out an attendance book now and again
    Thomas> and if you were lucky someone would sign your name for you
    Thomas> if you were otherwise engaged that particular day... Of
    Thomas> course your friend runs the risk of a followup headcount,
    Thomas> but the odds were pretty good.

And just how does that open further security holes?  But the computer
variant probably does!

The point is that computers, especially on networks, are only partly
analogous to what happened "back in our day".

-- 
University of Tsukuba                Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences       Tel/fax: +81 (298) 53-5091
_________________  _________________  _________________  _________________
What are those straight lines for?  "XEmacs rules."
--------------------------------------------------------------------
Next Nomikai Meeting: June 16 (Fri), 19:00   Tengu TokyoEkiMae
Next Technical Meeting: July 8 (Sat) 13:30   Topic: TBA
--------------------------------------------------------------------
more info: http://www.tlug.gr.jp        Sponsor: Global Online Japan

