Xref: utzoo news.groups:6144 news.admin:3932
Path: utzoo!attcan!uunet!husc6!ncar!woods
From: woods@ncar.ucar.edu (Greg Woods)
Newsgroups: news.groups,news.admin
Subject: Re: CALL FOR VOTES: DID HE DO US A SERVICE OR NOT?
Summary: Choices not mutually exclusive
Message-ID: <970@ncar.ucar.edu>
Date: 10 Nov 88 00:35:57 GMT
References: <1303@stiatl.UUCP>
Reply-To: woods@handies.UCAR.EDU (Greg Woods)
Distribution: na
Organization: Scientific Computing Division/NCAR, Boulder CO
Lines: 39

In article <1303@stiatl.UUCP> pda@stiatl.UUCP (Paul Anderson) writes:
>
>yes) the recent worm was a service and the fellow should
>     at least be left to die in peace (...if not thanked).
>
>no)  did us a great disservice and should be prosecuted to
>     the fullest extent of the law.

What if you happen to think these two choices are not mutually exclusive?

In a way, of course, the worm *was* a service. I for one was NOT aware
of the security hole in sendmail, despite the fact that my official job
here is maintaining the mail system here which is largely based on that
program. Nor is it likely that the FTP security hole would have been
revealed to the net as quickly and fixed as quickly had it not been for
the "incident" last week. So, at least indirectly, we benefitted from
the worm. I also now want to be on the security mailing list(s); I never
would have felt that way before. And, also on the plus side, it is clear
that no PERMANENT damage was done although it easily could have been.

On the other hand, we simply can't ignore the fact that this worm was
clearly designed to do what it did; I just don't buy any claims that it
was an "accident". It had a number of different penetration methods, one
looking to quickly infect hosts on a local network, and another looking
for remote networks to spread to. It WASN'T an accident, it was cleverly
designed; and we simply can't let it go unpunished, or the next
"brilliant" college student that finds a security hole will be tempted
to do the same thing.

I also do not believe that leaving my back window unlocked is
justification for stealing my stereo (stupid though it might be on my
part). There ARE other ways of publicizing the existence of security
holes without actually exploiting them at GREAT hassle and expense to
the entire net. If my neighbor notices that I've left my window
unlocked, he doesn't have to break into my house to show that to me.
I for one have NEVER heard about any of the security holes used by the
worm. If I had, and if I had had fixes, I would certainly have closed
them (especially the one in the mail system :-)

In conclusion, I think that (if found guilty) Morris should be punished.
And not just a slap on the wrist. On the other hand there ARE mitigating
circumstances; in this case, the lack of any actual damage to the data
on the infected systems (which was also clearly intentional).

--Greg