So three matters,
1) Policy. There is the policy issue of who can run what, including who
is allowed to run programs to try and crack certificates.
2) Discovery. There is the issue that technically anyone can run
anything they like, just by calling it what they like. So how do we find
who is breaking the rules?
3) What action to take. I agree there has to be a consequence for
breaking the rules. Just like anything else in this world otherwise it
does not work.
I'll raise this all at this month's SCG.
Linda
> -----Original Message-----
> From: Testbed Support for GridPP member institutes [mailto:TB-
> [log in to unmask]] On Behalf Of Kostas Georgiou
> Sent: 01 November 2007 13:25
> To: [log in to unmask]
> Subject: Re: Heinz' Challenge
>
> On Thu, Nov 01, 2007 at 11:30:06AM -0000, Cornwall, LA (Linda) wrote:
> >
> > Having said that, it is encouraging that when someone is trying to
break
> > RSA codes it got noticed by sites and the activity was stopped by
many.
> > This means I hope that if a user were to try and break codes in a
more
> > malicious way, e.g. to break a bank's certificate there is a fair
chance
> > it would be spotted. :-)
>
> Being the one that noticed the job I can say that I don't see anything
> encouraging :( I did notice the job *more than a month ago* and
because
> I got distracted with the security of it's pilot job nature I didn't
> even look at what it was tryning to do. Then again nobody else noticed
> anything either.
>
> I am very disappointed, if the user had taken some easy steps (just
> changing the names of the binary/files) I don't think that it would
have
> been spotted *ever*.
>
> If I start sumbitting jobs tomorrow called CancerGeneSolveB3F910c with
> inputs geneXXXXX for example who can tell that I am not cracking
> certificates? Well since I am in dteam and not biomed I'll have to
> think of a different name but believe me *nobody* will notice anything
> wrong.
>
> Given this if we don't have hard penalties for a missuse we'll be
> encouraging users to abuse the system.
>
> Kostas
|