10 Jun
2000
10 Jun
'00
4:40 a.m.
A lot of the security problems would go away if they took the few
individuals they actually catch abusing their net use privilege and dipped
them, slowly, into a hot solder-pot during half-time of a major televised
sporting event.
If they dip a few extra guys, it's OK, since we're overpopulated by 10000%
anyway. An apology would suffice and think of what it would do for the
ratings.
Dick
----- Original Message -----
From: Clint Wolff (VAX collector) <vaxman(a)uswest.net>
To: <classiccmp(a)classiccmp.org>
Sent: Saturday, June 10, 2000 9:34 AM
Subject: RE: In defense of NASA: was Re: Wirin' up blinkenlights
This isn't quite right, but does explain why Internet security
has not improved.
First and foremost, like most other ARPA projects (such as
Multics), the ARPAnet was meant to be a prototype for what
a network could be. One of the base-level assumptions was
that it would provide information sharing between a small
number of trusted and trusting sites.
Yes, the ARPAnet (funded by DARPA - DEFENSE Advanced
Research blah blah) was the prototype for a distributed
communications system built to survive a nuclear attack.
MILnet was built based on this prototype, and is in use
today. It is mostly secure because there are only a few,
tightly controlled, gateways to the Internet.
NSFnet was the publically funded arm developed to facilitate
communication between universities and a few corporations.
For the most part individuals that had access to the Internet
were college upperclassmen, who had a real reason to have
access. My first experience was in the mid-80's, when
more lowerclassmen were being granted access. This
brought about the proliferation of ftp sites with pictures
of nekked women, and the threat from NSF to disconnect
any site (they could do that, and make it stick) engaged
in such a frivolous waste of bandwidth. There still wasn't
a great need for security because the only people having
access were college educated individuals without a great
design to destroy. Hacking into remote computers was done
for the challenge and to discover new stuff.
Then AOL came along :) With the selling of backbone
connections by AT&T and others, and the proliferation of
internet connections that NSF didn't control, NSFnet was
soon overwhelmed and absorbed by the Internet. We now
have an anarchy of competing ISPs tied into the Internet,
and low cost access available to any monkey with a keyboard.
There is now a real need to protect the backbone against
malicious hackers, but no real way to do it.
On Fri, 9 Jun 2000, Douglas Quebbeman wrote:
> > > Is
> > > the lack of security on the Internet possibly a well designed
feature
disguised as a
flaw?
No, it is because much of it is Unix oriented. And Unix
security is just not that good. However, from my own personal experience, I have
never
succeeded in creating a prototype of a system to show to
management that management didn't say "a few more tweaks
and we're done". Although prototypes, both Multics and
ARPAnet were rushed into production because no one wanted
to take the time to stop and do it over again, better the
second time.
regards,
-doug quebbeman