"Bob" Morgan sez:
> Andy Glew sez:
> > Given the number of universities that use AFS, and given how easy
> > hackers find penetrating universities in general (at least to log on
> > as normal users) then there isn't much difference between the AFS
> > world and the web world.
>
> Indeed. Any admin who has thought that the people who have had access to
> AFS all along are somehow a kinder and gentler population than the rest of
> the world is in deep denial. How many CMU/MIT/Stanford/etc students are
> Phrack contributors?

Gentlefolk, I think the denial is running both ways.

The percentage of networked Universities in the world that run AFS is rather
tiny.

To believe that hackers are only in the Big Expensive SuperSmart Universities
is to fool yourself. I recall watching some child at East Nowheresville
University try to break into one of my workstations ... 6 years ago. It's only
easier for them now.

I also think we must remember, especially but hardly solely those of us at
Universities, that some of our biggest "security problems" will come from
within. I can tell you tale after tale of CMU students "discovering" bugs and
security loopholes in AFS. Fortunately for CMU, at the time few were ever
dangerously exploited, but a lot of hands got spanked.

I also believe we have ethical quandaries: You can lead the horse to water, but
if he resets his ACLs he might as well be licking dirt. Is it ethical to make
sure that people aren't exporting their Mail directory to the universe,
especially when you just -know- they don't read the documentation they're
provided?

You might shrug this off for a student, but imagine some department head
pounding on your door because a rival U. stole plans for a major funding bid.

Seriously.

e.
----------------------------------------------------------------
[EMAIL PROTECTED] Esther Filderman [EMAIL PROTECTED]
Senior System Mangler, News & AFS Dominatrix
Pittsburgh Supercomputing Center