What are alt.security and comp.security.misc for?

Comp.security.misc is a forum for the discussion of computer security, especially those relating to Unix (and Unix like) operating systems. Alt.security used to be the main newsgroup covering this topic, as well as other issues such as car locks and alarm systems, but with the creation of comp.security.misc, this may change.

This FAQ will concentrate wholly upon computer related security issues.

The discussions posted range from the likes of "What's such-and-such system like?" and "What is the best software I can use to do so-and-so" to "How shall we fix this particular bug?", although there is often a low signal to noise ratio in the newsgroup (a problem which this FAQ hopes to address).

The most common flamewars start when an apparent security novice posts a message saying "Can someone explain how the such-and-such security hole works?" and s/he is immediately leapt upon by a group of self appointed people who crucify the person for asking such an "unsound" question in a public place, and flame him/her for "obviously" being a cr/hacker.

Please remember that grilling someone over a high flame on the grounds that they are "a possible cr/hacker" does nothing more than generate a lot of bad feeling. If computer security issues are to be dealt with in an effective manner, the campaigns must be brought (to a large extent) into the open.

Implementing computer security can turn ordinary people into rampaging paranoiacs, unable to act reasonably when faced with a new situation. Such people take an adversarial attitude to the rest of the human race, and if someone like this is in charge of a system, users will rapidly find their machine becoming more restrictive and less friendly (fun?) to use.

This can lead to embarrasing situations, eg: (in one university) banning a head of department from the college mainframe for using a network utility that he wasn't expected to. This apparently required a lot of explaining to an unsympathetic committee to get sorted out.

A more sensible approach is to secure a system according to its needs, and if its needs are great enough, isolate it completely. Please, don't lose your sanity to the cause of computer security; it's not worth it.