Arpa Network Working Group Bob Metcalfe (PARC-MAXC)
Request for Comments: 602 Dec 1973
NIC #21021
"The Stockings Were Hung by the Chimney with Care"
The ARPA Computer Network is susceptible to
security violations for at least
the three following reasons:
(1) Individual sites, used to physical limitations
on machine access, have
not yet taken sufficient precautions toward securing their systems
against unauthorized remote use. For example, many people still
use
passwords which are easy to guess: their fist names, their initials,
their host name spelled backwards, a string of characters which
are
easy to type in sequence (e.g. ZXCVBNM).
(2) The TIP allows access to the ARPANET to
a much wider audience than
is thought or intended. TIP phone numbers are posted, like those
scribbled hastily on the walls of phone booths and men's rooms.
The
TIP required no user identification before giving service. Thus,
many people, including those who used to spend their time ripping
off
Ma Bell, get access to our stockings in a most anonymous way.
(3) There is lingering affection for the challenge
of breaking
someone's system. This affection lingers despite the fact that
everyone knows that it's easy to break systems, even easier to
crash them.
All of this would be quite humorous and cause
for raucous eye
winking and elbow nudging, if it weren't for the fact that in
recent weeks at least two major serving hosts were crashed
under suspicious circumstances by people who knew what they
were risking; on yet a third system, the system wheel password
was compromised -- by two high school students in Los Angeles
no l