In-Reply-To: <199504051706.NAA09781@server.nww.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII



On Wed, 5 Apr 1995, Adam Gaffin wrote:

> > I did say IF!  When Microsoft was touting LAN Manager, there was lots of 
> > hype about how insecure and unmanagible TCP/IP was.  Now Microsoft is 
> 
> And the press is still reporting how insecure TCP/IP is.  Because in its 
> basic form it is. And system administrators around the world 
> refuse to do anything about well known security holes in TCP/IP, with the 
Of course Windows provides great security.  Some servers don't even 
require a pasword.

> result that we've still got widespread system hacking (Mitnick exploited 
> a hole that was first reported 10 years ago!).  Has nothing to do with 
> Eevil Bill Gates.

There are people who put "shell accounts" with no restrictions and then 
designate that gateway as a trusted host.  The alternative is to ship
all unix systems with all security features turned on.  This product is
sometimes called a "Fire-Wall" server.

> > > on something smaller than a SPARCstation, or maybe if all the Unix vendors
> > Minix ran on an 8086, Linux runs on a 386SX with 4 meg of RAM (try running
> > NT or Windows 95 on that).

> And try convincing my wife, the prototypical Normal Person (i.e., of the 
> non-geek persuasion) to boot up Linux on our 386SX (or even better, try 
> convincing her there's a reason to in the first place, which there isn't). 
> Ha! There are far more people like her than there are like you or me. 

How about that for $70, she will have a nice friendly GUI interface to 
write, paint, draw, spread-sheet, and most of her favorite applications
without risking a $25,000 fine for software piracy, or having to shell 
out another $800 for Microsoft Applications.

> > By the time the first implimentation of Microsoft Windows came out, Sun
> > had a full blown Mouse and Windows implementation, including File Manager.
> > I remember working with the Sun 1 in 1985 (about two weeks after we got
> > our Macintosh).
> 
> Very nice.  And did Sun make any attempts to sell their
> workstations to the consumer/small business/department market? No.  They
Actually, Sun is a leading vendor in the Business market.  By 1990, they 
were leading the industry in workstation sales.  When Windows 3.0 came out,
we showed both SunOS and Windows - both were about $5000 at the time.  
The first thing people noticed was that the Windows box made them WAIT
for all sorts of things.

> were too busy selling expensive (for consumers) workstations to
> engineering types. Nothing wrong with that, they made a ton of money, but
> now it's too late, and again, it had nothing to do with Microsoft.  
Windows 3.0 came out shortly after X11/R4.  X11R4 could run multiple 
applications on multiple servers as if they were running on the local 
"Terminal".  Windows 3.0 could barely run 2 applications at the same 
time.  When you went from one DOS box to another, the DOS box that wasn't 
selected stopped processing.  Many Windows applications would take control
of the mouse and key-board to the point where the only way out was to power
down.  The X11 ICCCM rules made it possible to almost always recover from
a frozen application without rebooting.

> > Prodigy was even less subtle.  When the FBI caught an infamous hacker, they
> > made it part of their "Highlights" for about 3 days.  Even O.J. didn't
> > make the front screen that week :-).
> 
> Prodigy is owned by IBM and Sears.  Is this IBM's attempt to foist 
> OS/2 on the world?
No, it's IBM's attempt to foist APPC on the world.  Actually, Prodigy is 
now offering Web Browsers, but no "Shell accounts".  They are now in 
direct competition with netcom, digex, and slip providers.  What better 
way to justify the $9.00+$1.00/megabyte than to highlight the risk of 
making a SLIP connection using a vender who charges $20/month for >200 hours.

> > Imagine what would have happened if we sensationalized every car accident 
> > and car jacking that occured on an interstate.  People would have never
> > bought cars because the roads were so dangerous.  The internet is often
> > depicted like some sort of "Electronic Downtown Newark".  It's more like
> > any other community of 30,000,000.  There are bad apples, but most are
> > pretty good solid citizens.
> Here I agree with you.  The press devotes far too much attention (in my 
> humble opinion, of course) to hacking/pornography/pedophiles -- seems 
> like every time a reporter gets on the Internet beat these days, the 
> first story he does is "Smut, bomb plans available on computer net!"  But
> that doesn't mean we shouldn't pay attention to big hacker stories.  
> Mitnick, in my opinion, deserved all the attention he got.

As you pointed out above, Mitnick penetrated a poorly secured system that 
didn't even have auditing capabilities, used a hole that has been known 
about (and closable) for 10 years, and accessed information that wasn't 
encrypted or protected.  The prodigy story made it look like Mitnick had 
hacked his way through the most sophisticated firewalls the FBI could 
construct.  It's a bit like the leaving the key to the Jewelry Store 
under the Welcome Mat and reporting that a master thief had penetrated 
the most sophisticated security system ever devised.

Mitkin had to tell them he had been there.

> Adam Gaffin
> Network World, Framingham, Mass.
> agaffin@nww.com / (508) 820-7433


From rballard@cnj.digex.net Thu Apr  6 12:33:27 1995
Status: O
X-Status: