| Arpa Network Working Group |
Bob Metcalfe (PARC-MAXC) |
| Request for Comments: |
Dec 1973 |
| NIC #21021 |
|
"The Stockings Were Hung by the Chimney with Care"
The ARPA Computer Network is susceptible to security violations
for at least the three following reasons:
-
Individual sites, used to physical limitations on machine
access, have not yet taken sufficient precautions toward
securing their systems against unauthorized remote use. For
example, many people still use passwords which are easy to
guess: their fist names, their initials, their host name
spelled backwards, a string of characters which are easy to
type in sequence (e.g. ZXCVBNM).
-
The TIP allows access to the ARPANET to a much wider audience
than is thought or intended. TIP phone numbers are posted,
like those scribbled hastily on the walls of phone booths and
men's rooms. The TIP required no user identification before
giving service. Thus, many people, including those who used to
spend their time ripping off Ma Bell, get access to our
stockings in a most anonymous way.
-
There is lingering affection for the challenge of breaking
someone's system. This affection lingers despite the fact that
everyone knows that it's easy to break systems, even easier to
crash them.
All of this would be quite humorous and cause for raucous eye
winking and elbow nudging, if it weren't for the fact that in
recent weeks at least two major serving hosts were crashed under
suspicious circumstances by people who knew what they were
risking; on yet a third system, the system wheel password was
compromised -- by two high school students in Los Angeles no
less.
We suspect that the number of dangerous security violations is
larger than any of us know is growing. You are advised not to
sit "in hope that Saint Nicholas would soon be there".
RMV:rmv
Copyright (C) The Internet Society (1973). All Rights Reserved.