Newsgroups: news.sysadmin
Path: utzoo!utgpu!tmsoft!mason
Subject: Re: Possible Fines for Virus Perpetrator
Message-ID: <1988Nov9.033444.20788@tmsoft.uucp>
Followup-To: news.sysadmin
Summary: ambiguous (but I think apropos) comments + RT?F?M
Reply-To: mason@tmsoft.UUCP (Dave Mason)
Organization: TM Software Associates, Toronto
References: <456@l5comp.UUCP> <12081@dscatl.UUCP> <16600@agate.BERKELEY.EDU>
Distribution: na
Date: Wed, 9 Nov 88 03:34:44 GMT

In article <16600@agate.BERKELEY.EDU> weemba@garnet.berkeley.edu (Obnoxious Math Grad Student) writes:
>In article <12081@dscatl.UUCP>, lindsay@dscatl (Lindsay Cleveland) writes:
>>> So, it was Robert T. Morris Jr., was it?

>There are thousands of computers out there extremely vulnerable to attack.
>Instead of wailing on about class-action suits to recover "damages", all
>these sites that just maybe have woken up and plan to actually take secur-
>ity seriously should pay RTM in moneys saved from the potential *BILLIONS*
Hmmmm.....................^^^
I wonder if Mr. Morris really has a second middle name, like Fred :-)

Just to add a little content to this posting, I think spaf & weemba are
both right (did I hear 2 simultaneous gagging sounds? :-). Yes this
particular episode was expensive, yes our modern society (and its logical
extension, the net) lives by a set of morals and standards, and yes we
should enforce laws to make people realize that computer innards are REAL
ASSETS, just like BMW's and Lalique Crystal, and yes a lot of these
problems were known.....BUT

There are either:
    a) a lot of sysadmins out there who don't think there's much point in
       taking REASONABLE security precautions, like making sure that
       trusted programs like mailers don't have wide-open DEBUG modes
       installed on production machines
            -or-
    b) a lot of sysadmins whose bosses don't think there's much point ....
       and therefore have the sysadmins spend time & effort elsewhere.
            -plus, of course-
    c) sysadmins who haven't had the time/training to realize there are
       security holes that need plugging.

I claim that this episode has helped (or at least should help) all 3
groups to see the potential dangers and hopefully people will respond in a
positive way and work to plug OBVIOUS, WELL-KNOWN holes like this.

Someone should apply to NSF or ARPA for an ongoing grant to produce a set
of worms/viruses every year or so that would go out into the net, nose
around, and finally send mail back home & to root on the machines affected
warning about holes it has managed to wriggle into....if I were running a
military network (even a wide-open-friendly military *research* network),
I'd certainly do something like that.

Just to put in some perspective on Gene's analogy of people using simple
locks on their front doors (and how you'd probably not appreciate people
breaking in to show you how lax the security was), consider another
analogy (which I should point out is not necessarily MORE accurate):

If you left your BMW 7xx sitting unlocked on the street in front of your
house, and some neighbourhood kid started playing in it, slamming the
doors, got a little mud on the seats, you'd be pretty ticked off, and
you'd probably start locking the car, even though it's a little less
convenient. This would doubtless irritate you...at least until your
next-door neighbour's unlocked Caddy is ripped off by an amateur car theft
ring.

Just some ambiguous thoughts on recent events.

../Dave