[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NYET--attempted formal specs (again)

On Wed, 2 Aug 1995, Patrick May wrote:

> Nathan Zook writes:
> [ . . . ]
>  > NYET-- Non-Youths Exhibit Temperance.
>  >  
>  > This is a rising, legitamate concern among parents that their children
>  > have all-to-easy access to porn on the internet.  Last year, there
> [ . . . ]
>  >  
>  > But none of these proposals can ultimately succeed.  Here I restate my
>  > NYET proposal from last year for your consideration.  The system is of
>  > necessity ISP-based.  Home-based systems are subject to attacks at
>  > home.  Since many (most?) children are better with computers than
>  > their parents, these attacks can be expected to succeed.
> [ . . . ]
>  >
>  > The NYET-software runs as superuser on the ISP's machine.  All minor
>  > accounts have a corresponding configuration file sitting in their
>  > account owner's parent's directory, which is locked with read/write by
>  > owner only flags.  The correspondence between minor and parent
>  > accounts sits in a file owned by root and similiarly locked.
>  >  
>  > The parent sets the configuration file to permit and deny access to
>  > various parts of the net.  Since it is unreasonable for the parent to
> [ . . . ]
>      Your solution fails against your specified threat.  Children who
> are more software-proficient than their parents will, in many cases,
> be able to access their parents' accounts and modify the configuration
> file (or simply use the account to access the blocked areas).
> Ultimately, all such systems are "home-based" if any accounts used by
> members of the household have or can be granted access to the naughty
> bits (tip o' the hat to M. Python).

Unquestionably, it is not possible to block this hole entirely.  However, 
that does not mean that this proposal is not still superior, at least on 
two points.

First, by moving the monitoring software to the ISP, the instalation & 
configuration becomes much easier and more secure for the parent.  The 
monitoring software itself becomes at least as difficult to hack as the 
rest of unix, and the "Hot Babes Watch" hacks at least are prevented.

Secondly, as we move to challenge-response systems, the ability of Jr. to 
forge parental access drops considerably.  The "Last access on" 
information could clue a parent in.  (Jr. could reset the clock before 
modifying programs at home.)

No one on this list is going to claim that a 17-year old who has been 
hacking since he was ten can be stopped.  That doesn't make these efforts 
doomed from the outset, however.  In particular, I want to avoid 
non-custom "solutions" for minors attempting access.


>      While your proposal is obviously marketable, given the success of
> Prodigy and the prospects for SurfWatch, it does not appear to be
> inherently more secure than schemes that utilize subscriber software.
> Regards,
> Patrick May
> Version: 2.6.2
> iQCVAwUBMB/Jqe5Yg08fDKehAQH16gQAp78uOJX02xNz7/5XYPBcaRZRC8pCWx6K
> oUdOxbGta/l1rKrRGWhJ7WLJy9iaopBcbr4YXNOMPL4Va91DEXkJ5rfJKXC+o7Mz
> jA0wBujVu0DK+S0C49Ah3OoXxX6H0SorbuscvDF2IIw9aGLSezD49H4/GgWvhklo
> Y1Gu5Tfok+Y=
> =FsYi