Path: utzoo!attcan!uunet!ncrlnk!ncrcae!ncr-sd!hp-sdd!hplabs!hpda!hpcuhb!hpsmtc1!markc From: markc@hpsmtc1.HP.COM (Mark Corscadden) Newsgroups: news.admin Subject: Re: A Question Of Ethics (was: Re: A *Big* Thank You) Message-ID: <11770001@hpsmtc1.HP.COM> Date: 8 Nov 88 17:33:51 GMT References: <361@itivax.UUCP> Organization: Hewlett Packard, Cupertino Lines: 42 > In article <1294@tmpmbx.UUCP> pengo@tmpmbx.UUCP (Hans H. Huebner) writes: > >Maybe you should better thank this guy as well, since he revealed some > >nasty bugs in widespread operating systems. He SURELY showed everyone that > >computer systems are not secure, and that security IS a thing one has to be > >aware of. > > People keep saying this. Fact is, I already knew that computer systems are > not secure. I knew that the Internet is not secure. I knew that sendmail is > one of the most insecure mailers around. And I sure hope no one out there > thought differently even before the worm. He didn't teach me a whole lot. He > just wasted my time. And I'm not going to thank someone for wasting my time. Your response, "I already knew that computer systems are not secure", is all the more reason to believe that "this guy" has done more than a little good with this hack. Unfortunately, large communities are almost never motivated by a purely intellectual understanding of a potential danger. No matter *how good* their information is, it's just information and easy to ignore. The sad fact is that people in mass (and individuals too?) react very differently to direct experience then they do to warnings. Witness the many fools (myself included!) who continue to live unprepared on a major California fault line, knowing that it's just a gamble whether a major shaker will hit in the near future - and a sure bet that one will hit before too many decades go by. If mother nature was nice enough to shake to Bay Area with several strong, but not devastating, 'quakes before a really big one hit I'm sure many lives would be saved. My point is that "this guy", by pulling this hack, has had an impact that no amount of discussion and information sharing can equal. And the 'quake analogy is accurate in more way than one: the chances that our networked computer environment will go for another 30 years without a major disaster striking are about as good as my chances of living in the Bay Area for another 30 years without a major earthquake striking. If anything, I'm guessing that this hack, in spite of the amount of money and time it cost, was still mild enough that it will be yesterday's boring news in a month or so, and we're not likely to react strongly enough to the warning it has provided :-( Mark Corscadden