Re: NASA's OIG (Orbit Information Group?)

Joe A. Dellinger (jdellinger@amoco.com)
Wed, 30 Aug 95 18:37:48 CDT

	Can this be true? Surely not!

	You realize that giving OIG's computer your host name, username, and
password as you describe would be a HORRIBLE security risk... are they
collecting host/username/password triplets or something?!

	Even if the people at OIG are completely trustworthy, what if THEY
get cracked? It's a cracker's dream, an internet-accessible machine that
people log into from all over the world and freely provide all the information
needed to break into their home accounts!!! If the crackers knew about this
machine it would make a MOST tempting target for them.

	You'd better hope that the security on the OIG machine itself is
top notch... which I suspect it can't be, or they wouldn't have designed
their system in such a dangerous way in the first place!

	Are you really SURE that's what is required? If so this is deserving
of a "comp.risks" posting. I would hope people at NASA would think ahead more
clearly than that...!!!!

	If what you say is true and you really need to use this dangerous
service I would recommend having the OIG ftp the material to an anonymous ftp
site that allows incoming files. Then you could safely download the material
from there.

	If I sound paranoid to you, then I'd hazard that you haven't yet had
to spend hours cleaning up a system that has been maliciously trashed by
invaders from the internet... (not to mention redoing all the work that was
lost).