Xref: utzoo comp.protocols.tcp-ip:5232 comp.unix.wizards:12205
Path: utzoo!attcan!uunet!ksr!frapray!dudek
From: dudek@frapray.ksr.com (Glen Dudek)
Newsgroups: comp.protocols.tcp-ip,comp.unix.wizards
Subject: Re: a holiday gift from Robert "wormer" Morris
Message-ID: <389@ksr.UUCP>
Date: 8 Nov 88 19:35:10 GMT
References: <1698@cadre.dsl.PITTSBURGH.EDU> <2060@spdcc.COM> <24@jove.dec.com> <1445@anasaz.UUCP>
Sender: nobody@ksr.UUCP
Reply-To: dudek@ksr.com (Glen Dudek)
Distribution: na
Organization: Kendall Square Research, Cambridge MA
Lines: 29

In article <1445@anasaz.UUCP> john@anasaz.UUCP (John Moore) writes:
>In article <24@jove.dec.com> vixie@decwrl.dec.com (Paul Vixie) writes:
>># the hole [in sendmail] was so obvious that i surmise that Morris
>
>According to press reports, RM spent his summers working at AT&T
>on "Unix Communications Software Security". Anyone with a source
>license check to see if he slipped a trojan horse into uucico
>or uuxqt or something?

I was system administrator at Harvard's computer science computing
facility while Robert Morris was an undergraduate there.  I found him
to be an intelligent and responsible person.  He volunteered his
assistance in solving difficult problems in network configuration and
routing, and helped to make Harvard a major Northeast news and mail
gateway.  He did not exploit his knowledge of UNIX security
deficiencies to break into systems or install trojan horses, though he
well could have.

I do think that if he did indeed release this worm, he showed
extraordinarily poor judgement.  However, I would not consider it
justice to punish him as a criminal.  I am convinced he had no
malicious intent (please, no arguing about intent and breaking the law -
I am talking about justice, not the law).

I do not think the world need worry about holes that Robert Morris
could have created - I think we need to worry about the ones he didn't find.

	Glen Dudek
	ex-postmaster@harvard.harvard.edu