Path: utzoo!attcan!uunet!husc6!mailrus!uflorida!gatech!hubcap
From: hubcap@hubcap.UUCP (Mike Marshall)
Newsgroups: comp.protocols.tcp-ip
Subject: Morris bashers...
Keywords: He's no hero, but...
Message-ID: <3481@hubcap.UUCP>
Date: 8 Nov 88 16:03:29 GMT
Organization: Clemson University, Clemson, SC
Lines: 32


Dave Emberson (dre@sun.com) points out how  anti-social  and  ir-
responsible  Robert  Morris was to unleash the worm, and is upset
that Mr. Morris is being glorified at the expense of the net  (in
the form of hundreds of man hours put in by worm eradicators).  I
understand the point Mr. Emberson is making, but I  want  to  ask
him...  if  HE  has  known  about  this hole for four years - why
didn't he do something about getting the word out? What  has  Mr.
Emberson  done to help me close the hole? Nothing. Mr. Morris has
seen to it that the sendmail hole, and several others, are mostly
fixed  across  the  whole network. I wonder how many man hours of
work it would have taken to fix sendmail, finger and the ftp  bug
(that  wasn't part of the worm, but has come to light, I believe,
because of the worm), network wide, under any other circumstances
anyone cares to imagine?

I wish the network only had people as trustworthy as me on it :-),
but you know that there are people out there who will take advant-
age of any security hole they find... our  only  hope  is  to know
about those holes & close them.

So, I don't want to applaud Mr. Morris for his poor judgement  in
unleashing  the  worm,  but  I'm glad the holes are fixed now (no
thanks to you Mr. Emberson!).

-Mike Marshall     hubcap@hubcap.clemson.edu    ...!hubcap!hubcap

DISCLAIMER: If Mr. Emberson has spent the last four years  trying
to  get  everyone  he  knows  to  turn off "debug" on their send-
mails... my apologies to him.  It just seems to me that the  worm
issue  points out once again that "security through obscurity" is
no security at all.