Path: utzoo!attcan!uunet!lll-winken!lll-tis!helios.ee.lbl.gov!pasteur!agate!bionet!apple!vsi1!wyse!mips!sultra!dtynan From: dtynan@sultra.UUCP (Der Tynan) Newsgroups: news.sysadmin Subject: Re: A *Big* Thank You Summary: Thank the guy? Bah, humbug! Message-ID: <2627@sultra.UUCP> Date: 8 Nov 88 23:15:21 GMT References: <361@itivax.UUCP> <367@execu.UUCP> <1252@stiatl.UUCP> Organization: Tynan Computers, Sunnyvale, CA Lines: 48 In answer to all these people who've said we should thank the guy for putting the worm in the system, which scared the living daylights out of a *lot* of system administrators this weekend, I have the following comments; First, a topical joke; Q: What's worse than finding a 'worm' in your 'Apple'? A#1: Finding *half* a worm (think about it). A#2: Knowing that the author will get away with a mere 'slap on the wrist'. Consider the following fictional analogy; "TCPVILLE, IP -- An armed gunman opened fire on the customers in a local fast food franchise, this morning. The gunman, armed with an Ouzi, and several handguns began shooting at random, aiming above the heads of the terrified customers. Luckily, no-one was hurt, but local authorities say the damages may exceed $1M, not including any lawsuits on behalf of the victims. Several parked cars were destroyed, along with some fast food equipment, and most of the plate-glass in the restaurant. A spokesman for the fast food chain issued a public 'thank you' to the gunman, for exposing serious weaknesses in the chains security policy. Furthermore, the spokesman announced stricter security regulations, including 'strip searches' for future patrons, and armed guards at every entrance." Get the point? What's more, my worst nightmare has come true. Last night, a TV anchor referred to Morris as a 'Computer Mastermind'. Really? What would they have called him if his program had actually worked. Most networks in this country, including the banking networks, are not totally impervious to such attacks. The 'failsafe' security is that this kind of CRIME is a federal offence. This is what keeps most 'crackers' away from this kind of thing. Sure, he exposed some serious weaknesses in the overall security, but it would have been a *lot* better if he had just mailed his findings to the appropriate people. What he did will have serious long-term repercussions. In an ideal environment, we might just take his findings, and make the system secure, but in reality, a lot of not-so-computer-literate managers are going to review their INTERNET (and USENET) policies. My wife and I have a bet going; she says that Morris will get a high-paying job in some network company. I say his resume ain't worth beans. If he *does* get 'the ultimate job', want to guess how many *more* attacks there'll be in the coming years? - Der -- dtynan@Tynan.COM (Dermot Tynan @ Tynan Computers) {apple,mips,pyramid,uunet}!zorba.Tynan.COM!dtynan --- God invented alcohol to keep the Irish from taking over the planet ---