Howdy,

I wrote something like "If someone knowingly publishes the exact syntax
to crash a machine, what is their leagl exposure".

Gregory Steiger responded privately (includes some recommendations on
reading material that is somewhat aside but interesting):


I hope it is Stoll's 'Cuckoo's Egg' that you are planning on reading,
unless you are a UNIX sys admin, in which case 'UNIX System
Administrator's Handbook' really is a standard work. Of course, Stoll
recommends 'The UNIX Hater's Handbook', the only book on UNIX I ever
bought (the others were a gift from a UNIX guru), because it made me
laugh myself silly (sure, NFS corrupts your files, but look how fast it
is!). And I actually learned useful info about such stuff as how UNIX
expands wild-cards from it (significant for using POSIX shell command
from the CI prompt).

I assume that the sort of lawsuit that has us all worried is the 'you
should have warned me that your coffee was hot' variety. Or, in our
context, you should have warned me that crashing my system with ping
would result in lost productivity. As long as we have a supply of
lawyers creating a demand for litigation...

As for security, I take the position that we have a professional
obligation of due diligence to avoid the kinds of problems that I for
one has spent not inconsiderable time fixing. In fact, I will be writing
my final paper for my graduate course in ethics on this issue: standards
for our industry. Stoll recommends a book at the end of 'Cuckoo's Egg',
saying that if they had read and used its approach, they would not have
had their hacker.

--------------------------   end copy   ------------------------------

Couldn't have said it better myself.  Any other opinions?

James (I gotta get a real job) Trudeau

Computer Sciences Corp
Harlingen, Texas

Voice:   (210) 430-7728
Fax:     (210) 412-8531
e-mail   [log in to unmask]