Path: utzoo!utgpu!attcan!uunet!amdahl!pacbell!att!occrsh!rjd From: rjd@occrsh.ATT.COM (Randy_Davis) Newsgroups: comp.misc Subject: Re: Possible Fines for Virus Perpetrator Summary: OK- completely non-destructive Keywords: Morris, virus, internet Message-ID: <447@occrsh.ATT.COM> Date: 9 Nov 88 19:31:57 GMT References: <456@l5comp.UUCP> <440@occrsh.ATT.COM> <312@pte.UUCP> Reply-To: rjd@occrsh.UUCP (Randy_Davis) Distribution: na Organization: AT&T Network & Data Systems, OKC Lines: 54 In article <312@pte.UUCP> car@pte.UUCP (Chris Rende) writes: [.....] %- "relatively non-destructive": What does that mean? Contradiction in terms. % How would you like it if someone did something % to your car? your house? your person? % %If you left your car door unlocked in a parking lot, how would you like to %find someone sleeping in it. That's right? Sure is!!! Not something you would like, but what did it hurt???? Perhaps the person sleeping in it protected it from being vandalized (to take the stupid analogy to the logical conclusion). Concerning this rather mindless comment: What is so contradictory about "relative non-destructive"??? Destruction is always relative to what one wants. Think about it.... %It was not necessary to let the worm/virus loose on the world in order to % that a problem existed. % %car. %-- %Christopher A. Rende Multics,DTSS,Shortwave,Scanners,StarTrek %uunet!{umix,edsews}!rphroy!pte!car TRS-80 Model I: Buy Sell Trade %Motorola VME1131 M68020 SVR2 Precise Technology & Electronics, Inc. Riiiiight. Perhaps I mispoke myself. I should have said "Completely Non- destructive", because the only damage done to the machines was the slowdown brought about by the worm generating lots of requests to other machines. There is already a mechanism in place to limit the number of network transactions most protocols will do in a given time period. Why not in this software? Bugs in software are constantly being announced. Bugs that allow root access even. Many are ignored or just not announced loud enough because lazy administrators do not realize the damage that can be done. This bug had a HUGE potential for harm, which may have already occured without the admins even knowing it (regarding the theft of information). Since this bug COULD have been implemented in such a way that it could operate totally without detection, those administrator probably owe this guy a LARGE thanks for pointing out to them the hole existed in such a way that they could not ignore. It is VERY possible that someone before this guy found it and was using it to swipe information in a TOTALLY undetected manner. ON THE OTHER HAND - Maybe prosecution should follow, as the only reason it was noticed was via a bug in the author's own program, otherwise it WOULD have possibly gone undetected.... (Thinking about this from an "intent" point of view.) Come On - THINK about it.... Randy