On Thu, 26 Aug 1999 [log in to unmask] wrote:
> On Thu, 26 Aug 1999 12:31:30 EDT, Listserv Admin <[log in to unmask]>  said:

> Now, it's a LITTLE harder to do this *and* dissapear the Listserv reply so
> that the actual list owner doesn't see it, but it's doable by a sufficiently
> determined adversary (hint - the secret is a Denial Of Service attack.  Has
> YOUR system been patched against things like SYN-flooding, or TCP sequence
> number prediction, or any of those OTHER nasty problems? ;)

Well, yes... and no... and no scans past the router...but how about some
perspective here?  I'm not concerned with making anything perfectly
secure, only a fool with a little knowledge might think they could.  I'm
only concerned with making it "as safe as" the existing task of manually
adding hundreds of students to hundreds of lists.  Your argument applies
to both manual and automated ADD jobs and indeed is a good case for not
using listserv at all "because someone could...".  I have been convinced
for some years now that there is no such thing as "security" on an
Internet connected machine, there are only levels of security; my task is
simply to find a level I can live with in some comfort.

--Trish

-------------
Trish Forrest, Queen's University