[no subject]

2004-06-18 Thread der Mouse
be part of
it anyway.
Date: Thu, 17 Jun 2004 11:56:48 -0400 (EDT)
Subject: Re: [SC-L] Origins of Security Problems

> A significant difference from DECnet is that with TCP/IP any user on
> the system can open up a channel (to use a neutral term) to receive
> incoming traffic,

This is not so much a difference between DECnet and IP as a difference
between VMS and Unix.

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               [EMAIL PROTECTED]
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B



Re: [SC-L] Origins of Security Problems

2004-06-18 Thread Blue Boar

ljknews wrote:
> A significant difference from DECnet is that with TCP/IP any user on the
> system can open up a channel (to use a neutral term) to receive incoming
> traffic, potentially providing a capability to the outside world without
> the least bit of authentication.  With DECnet (Phase IV or Phase V) on
> VMS such actions require getting a special privilege from the system
> manager (potentially granted to a specific program rather than to the
> programmer).

Hm?  You mean they had to have privs on VMS to allocate a listening
port?  What does that matter?  DECNet doesn't only run on VMS.  Years
ago, I used to be a network admin at a place that had thousands of Win95
and Mac boxes running DECNet.  No such restriction, there.  Had it been
DECNet/OSI that won instead of IP, I don't believe there would be any
significant difference.

BB



Re: [SC-L] Origins of Security Problems

2004-06-18 Thread Crispin Cowan
Mark Rockman wrote:
> I had no idea I was promulgating a syllogism.  In fact, I did not intend to.
> My point was that the world changed and the software didn't nor did people
> change their behaviors to compensate.

The threat-level changed when people hooked computers running critical
applications to the internet without taking additional precautions. The
insecurity was there in the first place, before the Internet was injected.

Crispin
--
Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
CTO, Immunix  http://immunix.com


Re: [SC-L] Origins of Security Problems

2004-06-18 Thread ljknews
At 9:52 AM -0700 6/17/04, Blue Boar wrote:
>ljknews wrote:
>> A significant difference from DECnet is that with TCP/IP any user on the
>> system can open up a channel (to use a neutral term) to receive incoming
>> traffic, potentially providing a capability to the outside world without
>> the least bit of authentication.  With DECnet (Phase IV or Phase V) on
>> VMS such actions require getting a special privilege from the system
>> manager (potentially granted to a specific program rather than to the
>> programmer).
>
>Hm?  You mean they had to have privs on VMS to allocate a listening port?
>What does that matter?  DECNet doesn't only run on VMS.

But the vast majority of current DECnet usage is on VMS.

>Years ago, I used to be a network admin at a place that had thousands of
>Win95 and Mac boxes running DECNet.  No such restriction, there.  Had it been
>DECNet/OSI that won instead of IP, I don't believe there would be any
>significant difference.

I don't know the OSI protocol stack, but the NCP side retains the
restriction.  Given the security-mindedness of DEC's implementors the OSI
stack might also.