Remember that Dig Safe is implemented on a state-by-state basis; some of the programs, like the one you describe, are dreadful. The one in my home state is fairly thorough in checking bona fides before providing the data.

I believe in setting a fairly low bar for access to this information, i.e. can you _prove_ that you have legitimate cause for access to this information? The proof would be: do you have fiber/conduit/circuits/pipelines? These all have identifiers which can be checked, and generally only the customer and the service provider have this information. Not simply whose fibers are in the conduit attached to the railroad bridge. If you own one of those fibers you get access to the information on who else is in the conduit. If you do not, you are not privy to the information.

We had an incident where someone accidentally started a fire under a bridge and burned through a PVC conduit, knocking phone and data out for the better part of a week for 100,000+ lines. I really do not want that type of information in the hands of a bored teenager so they would be able to identify potential targets so that they can be _famous_.

Remember, when you go to a library to study rare manuscripts you generally need to prove to the curator that you have a legitimate scholarly interest in the documents, not simply random curiosity.

Scott C. McGrath

On Mon, 18 Aug 2003, Mr. James W. Laferriere wrote:
Hello Scott,
On Mon, 18 Aug 2003, Scott McGrath wrote:
A measured response is needed. Obviously we do not want the vulnerabilities disclosed to bored teenagers looking for "excitement". We need controlled access to this data so that those of us who need the data to fix vulnerabilities can gain access to it but access is denied to people without a legitimate need for the data.

And my statement would be, And who is that authority? The government? The Utilities? The ...?
The "Dig Safe" program might be a good model for controlling access to Sean's work. This would not preclude further scholarship on Sean's work but it would keep the data out of the hands of the 31337 crowd.

Huh? Try this on for size, "Hello, I am joe's contracting service & I have a building permit (I do) and I need to dig at ..." If I remember correctly the "Dig Safe" program will give me the info without so much as a check on the permit or my company name.
But, something (may) need to be put in place. I for one am not a great fan of any group of "X" that has a vested interest in keeping the information out of the public hands as being the ones to administer or set up or even give suggestions to a body who'd be involved in setting up such a committee/org./...
I'd really like to see a "Public" forum be used to take suggestions from the PUBLIC (ie: you & I & that neighbor you hate so well) for the guidelines as to who &/or when such info s/b released. Not the Gov. or the Util alone.
On Sun, 17 Aug 2003, Sean Donelan wrote:
So, the US Government wants to classify Sean Gorman's student project. The question is did Mr. Gorman's maps divulge the vulnerability in the East Coast power grid that resulted in the blackouts this week? Would it be better to know about these vulnerabilities, and do something about them; or is it better to keep them secret until they fail in a catastrophic way?

Twyl, JimL

--
+------------------------------------------------------------------+
| James W. Laferriere | System Techniques | Give me VMS |
| Network Engineer | P.O. Box 854 | Give me Linux |
| babydr@baby-dragons.com | Coudersport PA 16915 | only on AXP |
+------------------------------------------------------------------+