[EMAIL PROTECTED] <> wrote on Saturday, June 19, 2004 4:49 AM:
> There is nothing to _prevent_ an untrained administrator from granting
> that privilege to all users (I have seen worse), but there is
> a damping
> effect provided by the fact that behavior _defaults_ to constraining
> those users.
[EMAIL PROTECTED] <> wrote on Thursday, June 17, 2004 10:59
AM:
> At 9:52 AM -0700 6/17/04, Blue Boar wrote:
>> Hm? You mean they had to have privs on VMS to allocate a
> listening port?
> What
> does that matter? DECNet doesn't only run on VMS.
>
> But the vast majority of current DECnet usag
At 10:11 PM -0700 6/18/04, Alun Jones wrote:
>If there is not sufficient security in the protocol, and DECnet may have
>enough security, there is certainly not sufficient security in assuming
that
>your fellow network citizens are clever and kind.
There is nothing to _prevent_ an untrained admin
At 9:52 AM -0700 6/17/04, Blue Boar wrote:
>ljknews wrote:
>> A significant difference from DECnet is that with TCP/IP any user on the
>> system can open up a channel (to use a neutral term) to receive incoming
>> traffic, potentially providing a capability to the outside world without
>> the least
Mark Rockman wrote:
I had no idea I was promulgating a syllogism. In fact, I did not intend to.
My point was that the world changed and the software didn't nor did people
change their behaviors to compensate.
The threat-level changed when people hooked computers running critical
applications to th
<[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: Secured by aspStation
Sender: [EMAIL PROTECTED]
Precedence: bulk
Mailing-List: contact <[EMAIL PROTECTED]> ; run by MajorDomo
List-Id: Secu
At 8:55 AM -0500 6/16/04, Michael S Hines wrote:
>The problem started with bad specifications. No thought was given to how
>the ports(UNIX)/services(Win) could be abused - and how to defend from
>abusive attacks.
A significant difference from DECnet is that with TCP/IP any user on the
system can
I think you have made a valid presentation, but come to the wrong
conclusion.
The problem started with bad specifications. No thought was given to how
the ports(UNIX)/services(Win) could be abused - and how to defend from
abusive attacks. The goal/success measure was to 'make it work' - without
Following the logic in the original post...
God is love.
Love is blind.
Ray Charles was blind.
Ray Charles was god.
The origins of security problems are simply based in the designers of the
systems. Humans, on the whole, are a fallible lot. We're not perfect and
when we design systems, it's qu