Path: utzoo!attcan!uunet!husc6!purdue!spaf
From: spaf@cs.purdue.edu (Gene Spafford)
Newsgroups: news.sysadmin
Subject: Re: No RTM trial?
Message-ID: <5432@medusa.cs.purdue.edu>
Date: 15 Nov 88 14:37:09 GMT
References: <16953@agate.BERKELEY.EDU> <5424@medusa.cs.purdue.edu> <16966@agate.BERKELEY.EDU>
Sender: news@cs.purdue.EDU
Reply-To: spaf@cs.purdue.edu (Gene Spafford)
Organization: Department of Computer Science, Purdue University
Lines: 63

In article <16966@agate.BERKELEY.EDU> weemba@garnet.berkeley.edu (Obnoxious Math Grad Student) writes:
>Really? I read in the papers that you were visited by NSA types, Gene.
>Who apparently wanted the code kept under wraps. Can you clarify?

It wasn't the NSA, per se, but the NCSC. Admittedly, they are an agency affiliated with the NSA, but they aren't the same thing. I wasn't visited by them, I got some e-mail and a phone call.

The folks there are paid to worry about computer security, and they do a reasonable job of it. They requested that anything we might have that could be used to recreate the virus code not be widely distributed. No threats, no rules, just a request for cooperation. For now, everyone I know who may have reverse-engineered code is willing to go along with that suggestion.

>Ah, I see you are arguing closer to my side now. One might as well
>make it a dandy all-purpose worm, with lots of include files for mix
>and match bug exploitation.

I'm not arguing *any* side. I'm saying what I've been saying all along -- this could be written by lots of people, and many people could recreate the code. Tightening security is not going to be sufficient protection all by itself, even if we could get everyone to do it. We need to work on the security threats as well as the security holes.

>I don't know. If current laws *do* apply to Morris's actions, does
>providing the code make one an accessory?

If providing code makes one an accessory, then AT&T, Berkeley, DEC & Sun will be co-defendants at the trial.

Publishing the code is not illegal in any way, unless all the variables are named in such a way that reading the code presents a pornographic story. :-)

By analogy, I can purchase books on toxicology and I can mix up poisons in my basement -- legally. However, if I attempt to dump some in the local water supply, I'm in deep doo-doo with the legal authorities. By the same token, selling a gun doesn't make the store owner an accessory so long as s/he follows all applicable laws in the sale. The concept is well-established in law and would apply to the worm, too. (However, note that I'm not a lawyer, so you're getting what you pay for, advice-wise.)

>There have been calls for a virus RFC, and also rumors that NSA is going
>to prepare a report on it too.

Yeah, I'm working on a paper for it now, and a few people have nominated me as the one to do the RFC. We'll see. If nothing else, I will shortly have a tech report with a functional description of how the worm infects a system and what it tries to do. I've had a chance to go through 2 completely separate reverse-engineered versions of the code (the only person to do so, I think). I'll have the material ready by the end of the week, I hope.

>What's that ancient Jewish curse? "May you live in interesting times."

Better than living in California.... :-)

--
Gene Spafford
NSF/Purdue/U of Florida Software Engineering Research Center,
Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-2004
Internet: spaf@cs.purdue.edu uucp: ...!{decwrl,gatech,ucbvax}!purdue!spaf