Xref: utzoo news.admin:3890 news.sysadmin:1187 Path: utzoo!utgpu!attcan!uunet!lll-winken!lll-tis!helios.ee.lbl.gov!pasteur!agate!bionet!apple!bloom-beacon!tut.cis.ohio-state.edu!cs.utexas.edu!sm.unisys.com!csun!fedeva!emcard!stiatl!john From: john@stiatl.UUCP (John DeArmond) Newsgroups: news.admin,news.sysadmin Subject: Re: A *Big* Thank You Message-ID: <1261@stiatl.UUCP> Date: 7 Nov 88 21:04:22 GMT References: <361@itivax.UUCP> <367@execu.UUCP> <1252@stiatl.UUCP> Reply-To: john@stiatl.UUCP (John DeArmond) Distribution: na Organization: Sales Technologies Inc., Atlanta, GA Lines: 67 In article <1252@stiatl.UUCP> pda@stiatl.UUCP (Paul Anderson) writes: >In article <367@execu.UUCP> dewey@execu.UUCP (Dewey Henize) writes: >>In article <361@itivax.UUCP> scs@itivax.UUCP (Steve C. Simmons) writes: >>> >>>...a big Thanks to all the folks... We're in your debt, folks. >>>Steve Simmons, Systems Support Mgr, ITI >> >>On the next area of consideration, who's gonna get hold of the bastard >>that caused this and beat the shit out of him? >> Dewey Heinze > >Yes, my thanks too. But I disagree with trashing the kid. He did nothing >more than walk in the front door of you house and let all the hot air out. > >The worm did nothing except scare the shit out of a lot of >people. >Paul Anderson I'd like to echo Paul's sentiment. This kid probably did the network one of the biggest favors possible - it opened our eyes - maybe. I'm fairly new to Unix, having worked with it for about 2 years now (That's rite, boys and girls, i went to school BU [before unix]) so my opinions are a mix of relative neophyte and experienced administrator. One of the things that has marveled me is the incredibly poor documentation for unix. Another is the almost incredible tolerance for known bugs and problems. After all, it's hacker-macho to be able to come up with the cleverest workaround to a problem. Judging from the postings I've seen the last few days, the openings he exploited have been known for quite some time. One posting I saw was a repost of a discussion over 2 YEARS OLD! In other words, we've known these holes were there and, for the most part, ignored them. I can understand a commercial, object-only site like ours being slow in fixing such problems within binaries but there is little excuse for the source licensees to have been bitten. I don't want to sound negative and I don't want to offend anybody but these things need to be said. Yeah, sure, you lost some sleep and it was a pain in the ass, and the network was down for a day and so on.. but look at the up side of the issue. AT THE LEAST, the following happened: 1. An blantant hole was exposed for all to see. 2. Rapid response procedures were given a good workout. 3. Disaster control procedures were exercized. 4. Much beneficial discussion has taken place and will take place regarding this issue. 5. Hopefully some new attitudes about reasonable security willbe formed. 6. Maybe some needed changes to both Unix and the internet will be implemented. 7. The awareness among the user body concerning security will be heightened. Probably the WORST thing that could happen is for the government to make a knee jerk reaction, heavily restricting the Internet, and then assume that peace, harmony and security have been re-established. Lets hope with all our might this does not happen. As far as the kid goes, I think the appropriate response should be to punish him a bit, not for the worm itself, but for taking the chance he did with a bug causing REAL damage. Perhaps a year suspension from school while working in the community. Then we ought to give the kid a medal! After all, he's done in a couple of days what years of preaching by high- powered consultants and officials have not been able to do - spotlight reasonable security. THEN we all ought to get down on our knees and thank our stars that the kid was not bent on destruction.