Publicizing Security Issues

[Al Filipski]

A co-worker and I here have written a paper on "UNIX Security".
We describe the security features of UNIX, the most well-known
ways of breaking in, and countermeasures to be taken against
those who try to break in. The article is similar to the BSTJ
article which appeared just after we had written ours.  We submitted
our article to a major popular computer magazine.  The editor is 
uncertain about possible legal liability should anyone use information 
in the article towards illegal ends.  I do not know at this point if 
it will be published or not.  I'd like to poll the wizards on this point:
Is free circulation of this kind of information a good or bad thing?
I tend to belong to the free-speech school that says that
dissemination of knowledge is a good thing and will strengthen UNIX
security in the long run. For one thing, a problem stands a much
better chance of being fixed if it is well-known.  Second, with
the proliferation of UNIX, there are a great many inexperienced
administrators out there who are sitting ducks. They are often not
hackers themselves and are at a disadvantage against people
who have taken the time and energy to learn security by poking
around themselves.

Experiences, opinions, facts, arguments, flames, etc. are requested
via mail and will be summarized.

--------------------------------
Alan Filipski, UNIX group, Motorola Microsystems, Tempe, AZ U.S.A
{allegra | ihnp4 } ! sftig ! mot ! al
{seismo | ihnp4 } ! ut-sally ! oakhill ! mot ! al
--------------------------------
If not now - whom?  If not me - when?