RFC602

Arpa Network Working Group Bob Metcalfe (PARC-MAXC) Request for Comments: 602 Dec 1973 NIC #21021

       "The Stockings Were Hung by the Chimney with Care"

The ARPA Computer Network is susceptible to security violations for at least the three following reasons:

(1) Individual sites, used to physical limitations on machine access, have

 not yet taken sufficient precautions toward securing their systems
 against unauthorized remote use.  For example, many people still use
 passwords which are easy to guess:  their fist names, their initials,
 their host name spelled backwards, a string of characters which are
 easy to type in sequence (e.g. ZXCVBNM).

(2) The TIP allows access to the ARPANET to a much wider audience than

 is thought or intended.  TIP phone numbers are posted, like those
 scribbled hastily on the walls of phone booths and men's rooms.  The
 TIP required no user identification before giving service.  Thus,
 many people, including those who used to spend their time ripping off
 Ma Bell, get access to our stockings in a most anonymous way.

(3) There is lingering affection for the challenge of breaking

 someone's system.  This affection lingers despite the fact that
 everyone knows that it's easy to break systems, even easier to
 crash them.

All of this would be quite humorous and cause for raucous eye winking and elbow nudging, if it weren't for the fact that in recent weeks at least two major serving hosts were crashed under suspicious circumstances by people who knew what they were risking; on yet a third system, the system wheel password was compromised -- by two high school students in Los Angeles no less.

We suspect that the number of dangerous security violations is larger than any of us know is growing. You are advised not to sit "in hope that Saint Nicholas would soon be there".

RMV:rmv