Xref: utzoo news.admin:3947 comp.misc:4044
Path: utzoo!utgpu!attcan!uunet!mfci!hsi!wright
From: wright@hsi.UUCP (Gary Wright)
Newsgroups: news.admin,comp.misc
Subject: Re: CALL FOR VOTES:  DID HE DO US A SERVICE OR NOT?
Message-ID: <202@hsi86.hsi.UUCP>
Date: 10 Nov 88 19:50:26 GMT
References: <1330@stiatl.UUCP>
Reply-To: wright@hsi86.UUCP (Gary Wright)
Followup-To: comp.misc
Distribution: na
Organization: Health Systems Intl., New Haven, CT.
Lines: 36

In article <1330@stiatl.UUCP> pda@stiatl.UUCP (Paul Anderson) writes:
>This is a call for votes on whether netters feel that:
>
>yes) the recent worm was a service and the fellow should
>     at least be left to die in peace (...if not thanked).
>
>no)  did us a great disservice and should be prosecuted to
>     the fullest extent of the law.
>

I think you missed (at least) two other possibilities:

1) the recent worm was a service *and* the fellow should
   be prosecuted to the fullest extent of the law.

2) the recent worm did us a great disservice *and* the fellow should
   at least be left to die in peace.

Other possibilities depend on the level of service you think was provided
by the worm, what kind of damage was caused by the worm, and the punishment 
that should result.

Personally, I think that it was good that these security flaws were
pointed out, but that is no excuse for the time and money that was
wasted.  Others have said that there were better ways to go about
publicizing the security flaws, I agree.

I also wonder what the real intentions were.  According to reports I have
read, the worm was not supposed to be detected.  Ok, so he successfully,
quietly, penetrates 6,000 computers.  Then what?  What would have been 
his next experiment?  Even if he had no malicious intent, who is to say
that his next experiment would not have had a more serious, damaging flaw?

-- 
Gary Wright 					...!uunet!hsi!wright
Health Systems International                    wright@hsi.uu.net