From: Nathan Zook <nzook@bga.com>
To: Patrick May <pjm@ionia.engr.sgi.com>
Message Hash: b7b37aaa1b05b85560b6189741e7af9bce5081c3656e47aceaa10ad2e100ca6f
Message ID: <Pine.3.89.9508021848.D3366-0100000@maria.bga.com>
Reply To: <199508021853.LAA10598@ionia.engr.sgi.com>
UTC Datetime: 1995-08-02 23:43:14 UTC
Raw Date: Wed, 2 Aug 95 16:43:14 PDT
Subject: Re: NYET--attempted formal specs (again)
On Wed, 2 Aug 1995, Patrick May wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Nathan Zook writes:
> [ . . . ]
> > NYET-- Non-Youths Exhibit Temperance.
> >
> > This is a rising, legitimate concern among parents that their children
> > have all-too-easy access to porn on the internet. Last year, there
> [ . . . ]
> >
> > But none of these proposals can ultimately succeed. Here I restate my
> > NYET proposal from last year for your consideration. The system is of
> > necessity ISP-based. Home-based systems are subject to attacks at
> > home. Since many (most?) children are better with computers than
> > their parents, these attacks can be expected to succeed.
> [ . . . ]
> >
> > The NYET-software runs as superuser on the ISP's machine. All minor
> > accounts have a corresponding configuration file sitting in their
> > account owner's parent's directory, which is locked with read/write by
> > owner only flags. The correspondence between minor and parent
> > accounts sits in a file owned by root and similarly locked.
> >
> > The parent sets the configuration file to permit and deny access to
> > various parts of the net. Since it is unreasonable for the parent to
> [ . . . ]
>
> Your solution fails against your specified threat. Children who
> are more software-proficient than their parents will, in many cases,
> be able to access their parents' accounts and modify the configuration
> file (or simply use the account to access the blocked areas).
> Ultimately, all such systems are "home-based" if any accounts used by
> members of the household have or can be granted access to the naughty
> bits (tip o' the hat to M. Python).

Unquestionably, it is not possible to block this hole entirely. However,
that does not mean that this proposal is not still superior, at least on
two points.

First, by moving the monitoring software to the ISP, the installation &
configuration becomes much easier and more secure for the parent. The
monitoring software itself becomes at least as difficult to hack as the
rest of unix, and the "Hot Babes Watch" hacks at least are prevented.

Secondly, as we move to challenge-response systems, the ability of Jr. to
forge parental access drops considerably. The "Last access on"
information could clue a parent in. (Jr. could reset the clock before
modifying programs at home.)

No one on this list is going to claim that a 17-year-old who has been
hacking since he was ten can be stopped. That doesn't make these efforts
doomed from the outset, however. In particular, I want to avoid
non-custom "solutions" for minors attempting access.

Nathan

> While your proposal is obviously marketable, given the success of
> Prodigy and the prospects for SurfWatch, it does not appear to be
> inherently more secure than schemes that utilize subscriber software.
>
> Regards,
>
> Patrick May
>