P.C. CORNER

Safeguard Your Secrets

Like credit cards, e-mail accounts have flourished on the Harvard campus. Along with the pleasant surprise at the convenience of e-mail, users share the belief that an account is a place safe from any undesired intrusions, right?

Wrong.

The resemblance of a computer account to its credit card relative includes the issue of security. While what you lose when some creep makes his way into your account is not a fistful of dollars, your files may be altered, or deleted, and your privacy may be completely violated.

When you use e-mail and other features on computers accessible by a large number of users, you should expect that whatever you do is your own business. For example, you surely don't want your nosy roommate to read an intimate letter or eavesdrop on what you read and post on Usenet.

Unfortunately, some people disagree with your definition of privacy. Consciously or subconsciously, they like poking around other people's accounts. They take pleasure in reading others' e-mail and at times even replying incognito to messages addressed to you. They enjoy posting provocative messages on Usenet using your identity. "To use e-mail is to expose your trail," is the motto by which they live.

Who are these e-mail James Bonds'? They might be your next-door computer science concentrator. Or your Cheshire Cat English teaching fellow. They could even be your most beloved one who just wants to make sure you actually are who you claim to be.

What these folks have in common is an insatiable hunger for information, even when such information is not meant for them. A few are the malicious kind, always wanting to make victims of whomever comes across their adventurous paths. Most probably are just too curious to resist the temptation of exploring other people's electronic mailbox.

There are several ways your account security can be compromised. A common way of handing away your privacy is leaving your account without logging off. At any given time during the weekday one can wander into the Science Center terminal rooms and find some account unattended, its owner having wandered off after checking her e-mail.

If she's lucky, some good samaritan will come along and log her off. If she is unlucky, she may come back the next day and find herself not able to get into her account as a result of some hacker's installing a new password unknown her.

Some users are responsible enough to remember to log out every time they finish an e-mail session. But they might not be cautious enough to safeguard their passwords. Giving away your e-mail account password is like telling someone your PAC. The possible consequences are easy to imagine.

Okay, so you're not one of the above careless e-mailers. You know to log off and never divulge your password to anyone. You even take the extra cautionary step of protecting your account by changing the password every week.

Does that mean your account is now safe? Not really. Die-hard "hackers" are eager to prove their technical prowess and they will try to access your account the hard way: by guessing your password.

Actually, a hacker of this kind is unlikely to deem it worth his time to break into your account by spending hours if not days in an attempt to "crack" your password. What such hackers love to do is to get the "super-user" privilege on a UNIX system such as the ones Harvard uses so that they can play God on the victimized system.

Because UNIX is a user-shared system, each user account is bestowed certain measure of security. For example, when your account was first created (by the system administrator), your home directory was made accessible to you and you alone. No one else could peek at what files you had or what was in those files.

But maintaining the system requires someone to have access to all the parts of the system, and this someone is the system administrator. He or she can log on as the legitimate super-user and from there create or destroy anything on the file system (initializing or deleting a user account). In fact, he or she can recreate or destroy the entire UNIX system.

The super-user's power is indeed enormous. That's why many computer hackers are willing to invest tons of time in getting on some system as the super-user. Fortunately there have been no reports of successful attempts at breaking into the super-user account at Harvard, as those running the system take constant measures to prevent and foil any attempts to do harm.

But individual users need to be aware of the danger of security breaches to their accounts. After all, you have the right to privacy on Internet--and you have to be the one upholding it.

Due to a mechanical error, the last sentence of last week's P.C. Corner was incomplete. It should have read: "Whether it's advice on traveling in India or the latest news on supercomputer design you are looking for, Usenet should be an information source with which you become acquainted."

Haibin Jiu '94, associate photography chair of The Crimson, is the former president of the Harvard Computer Society. His column appears Tuesdays.

Tags