Path: utzoo!utgpu!watmath!clyde!att!osu-cis!killer!chasm From: chasm@killer.DALLAS.TX.US (Charles Marslett) Newsgroups: comp.misc Subject: Re: CALL FOR VOTES: DID HE DO US A SERVICE OR NOT? Summary: YES Message-ID: <6081@killer.DALLAS.TX.US> Date: 11 Nov 88 14:56:51 GMT References: <1330@stiatl.UUCP> <202@hsi86.hsi.UUCP> Distribution: na Organization: The Unix(R) Connection, Dallas, Texas Lines: 38 In article <202@hsi86.hsi.UUCP>, wright@hsi.UUCP (Gary Wright) writes: :: In article <1330@stiatl.UUCP> pda@stiatl.UUCP (Paul Anderson) writes: :: >This is a call for votes on whether netters feel that: :: > :: >yes) the recent worm was a service and the fellow should :: > at least be left to die in peace (...if not thanked). :: > :: >no) did us a great disservice and should be prosecuted to :: > the fullest extent of the law. :: I think you missed (at least) two other possibilities: :: :: 1) the recent worm was a service *and* the fellow should :: be prosecuted to the fullest extent of the law. :: :: 2) the recent worm did us a great disservice *and* the fellow should :: at least be left to die in peace. ... :: Personally, I think that it was good that these security flaws were :: pointed out, but that is no excuse for the time and money that was :: wasted. Others have said that there were better ways to go about :: publicizing the security flaws, I agree. On the other hand, I have yet to see a "better" way -- all the ones that have been posted have probably already passed under the bridge and we all know the "hole" was not plugged. My only reservation is that the only really effective way to publicize a security flaw is to do real damage (as someone on the net put it: wrap the car around a tree, and the next time I'll remember to lock it!). So he did no real service? (lock 'em up (:-)!) :: -- :: Gary Wright ...!uunet!hsi!wright :: Health Systems International wright@hsi.uu.net Charles Marslett STB Systems, Inc. <-- apply all standard disclaimers chasm@killer.dallas.tx.us