Puzzle of the Day
You discover a security flaw in the operating system on your company's
computer. The flaw enables any user to read any other user's files, regardless
of their protection. You have several choices: you can keep quiet and hope
no-one else discovers the flaw, or tell the company, or tell the system vendor,
or announce it on the Internet.
- Suppose an exploitation of the vulnerability could be prevented by proper
system configuration. Which of the above courses of action would you take, and
why?
- If an exploitation of the vulnerability could be detected (but not
prevented) by system administrators, how would this change your answer to
question 1?
- Now suppose no exploitation of the vulnerability can be detected or
prevented. Would this change your answer, and if so, how?
You can also see this document
in its native format,
in Postscript,
in PDF,
or
in ASCII text.
Send email to
cs153@csif.cs.ucdavis.edu.
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 2/17/98