matthews@eleazar.dartmouth.edu (Jim Matthews) (11/08/88)
In article <1445@anasaz.UUCP> john@anasaz.UUCP (John Moore) writes: > >According to press reports, RM spent his summers working at AT&T >on "Unix Communications Software Security". Anyone with a source >license check to see if he slipped a trojan horse into uucico >or uuxqt or something? >-- As a matter of fact, one of the things Robert did at Bell Labs (while still a high school student, I believe) was fix some of the glaring security holes in uucp (AT&T Bell Laboratories Technical Journal, 10/84). It is very easy in the aftermath of something like this to indulge in the devil theory of crime -- that all bad things must come from evil minds. The more you find out about rtm I believe the more you will find he has in common with the people criticizing his behavior. He has done significant work in computer security, including warning people for years about the security holes that made the worm possible. He has worked as a sysadmin for an arpanet host. He is a serious student of computer science and was making contributions to the field at an age when most of us were trying to learn Pascal. He's also one hell of a great guy, and no one seems more appalled by the effects of his actions than he is. We can argue about the advisability of what he did, but I urge you to resist the temptation to pigeon-hole someone you don't know on the basis of fragmentary information. Jim Matthews Dartmouth Software Development
kovar@husc4.HARVARD.EDU (11/10/88)
In article <10791@dartvax.Dartmouth.EDU> matthews@eleazar.dartmouth.edu (Jim Matthews) writes: >It is very easy in the aftermath of something like this to indulge in >the devil theory of crime -- that all bad things must come from evil >minds. The more you find out about rtm I believe the more you will find >he has in common with the people criticizing his behavior. He has done >significant work in computer security, including warning people for >years about the security holes that made the worm possible. He has >worked as a sysadmin for an arpanet host. He is a serious student of >computer science and was making contributions to the field at an age >when most of us were trying to learn Pascal. He's also one hell of a >great guy, and no one seems more appalled by the effects of his actions >than he is. >We can argue about the advisability of what he did, but I urge you to >resist the temptation to pigeon-hole someone you don't know on the basis >of fragmentary information. >Jim Matthews I may be a really nice guy but if I, by accident, kill someone by driving recklessly, the state of MA is going to toss me in jail for manslaughter. And I'd expect as much. Nice people are just as responsible for their actions as "evil" people. If we fail to prosecute someone just because they appear to be nice, brilliant, et al, then what's to stop many others from doing similar things and claiming "I'm just as nice as RTM! Let me go." With the press holding RTM up on high many a hacker is going to say, "This is how I get recognition! This is how I get a job!" And, surprise!, it'll work. Set an example and set it before things get out of hand. If at all possible, punish RTM to the fullest extent of the law. It may be more than he deserves but unfortunately (?) someone must set the example and show that such anti-social activities are not acceptable. Perhaps a suitable punishment, at least in this case, is just denying RTM access to any systems that connect to any other systems. You pollute our nest and we're going to toss you out of it. -David Kovar Technical Consultant Harvard University
paulr@prapc2.UUCP (Paul Raulerson) (11/12/88)
In article <10791@dartvax.Dartmouth.EDU> matthews@eleazar.dartmouth.edu (Jim Matthews) writes: >In article <1445@anasaz.UUCP> john@anasaz.UUCP (John Moore) writes: >> >>According to press reports, RM spent his summers working at AT&T >>on "Unix Communications Software Security". Anyone with a source >>license check to see if he slipped a trojan horse into uucico >>or uuxqt or something? [deleted text] >It is very easy in the aftermath of something like this to indulge in >the devil theory of crime -- that all bad things must come from evil >minds. The more you find out about rtm I believe the more you will find >he has in common with the people criticizing his behavior. He has done >significant work in computer security, including warning people for >years about the security holes that made the worm possible. He has >worked as a sysadmin for an arpanet host. He is a serious student of >computer science and was making contributions to the field at an age >when most of us were trying to learn Pascal. He's also one hell of a >great guy, and no one seems more appalled by the effects of his actions >than he is. > >We can argue about the advisability of what he did, but I urge you to >resist the temptation to pigeon-hole someone you don't know on the basis >of fragmentary information. > >Jim Matthews Gee, What a *HELL* of an attitude to take about someone who has just cost a lot of people and organizations a terrifically large amount of resources. To a great extent, this wonderful wacky and extremely open net of ours is self policing. People who abuse their privs most often loose them. Once, when I was a tad younger, I might have agreed with you about showing more compassion and understanding, but since I have been running this system at some cosiderable expense, and deaing professionally with the government for about 10 years, I feel that this self policing action should be encouraged. After all, there is nothing in the world stopping Mr. Morris from going off and starting his own network, as secure as he wishes now is there? But participation in a group environment means you have to be responsible enough to realize that other peoples' resources are NOT your personal private toys to play with. I think it is far more humane to have Mr. Morris recognized by System Adminsitrators everywhere as a security risk, and be denied access, with threat of legal action is his illegal activites continue, than it is to slap him on the wrist and tell those same System Adminstrators that he CANNOT be denied access because he really didn't mean it and is sorry for what he did. People have to be responsible for themselves, and yes, they have to realize everyone makes mistakes and be willing to "forget" them. However, there is *always* a price associated with such forgetfulness, and Mr. Morris, or whoever the guilty critter was, has yet to pay for his play. This isn't really a personal attack on anyone, it is just more of a defense of the openess we all share here, and what it may take to keep it open. Anyone wishing to has the matter over some more, your welcome to mail me and if it seems reasonable, I'll summarize the opinions and post 'em back as a single message. -- Paul Raulerson & Paul Raulerson & Associates +---------------------------+ Data/Voice: 1+215-275-2429 / 1+215-275-5983 | OS/who? Why bother? Isn't | Cis: 71560,2016 Bix: paulr | Mess-Dos bad enough? | UUCP: ...!rutgers!lgnp1!prapc2!paulr +---------------------------+
der@sfmag.UUCP (D.Rorke) (11/16/88)
> >According to press reports, RM spent his summers working at AT&T > >on "Unix Communications Software Security". Anyone with a source > >license check to see if he slipped a trojan horse into uucico > >or uuxqt or something? > >-- > > As a matter of fact, one of the things Robert did at Bell Labs (while > still a high school student, I believe) was fix some of the glaring > security holes in uucp (AT&T Bell Laboratories Technical Journal, > 10/84). The author of the article you reference was not the Robert Morris under suspicion (although it may be his father). The biographical notes at the end of the paper indicate that the Robert H. Morris who co-authored the paper had been employed at Bell Labs since 1960. > It is very easy in the aftermath of something like this to indulge in > the devil theory of crime -- that all bad things must come from evil > minds. The more you find out about rtm I believe the more you will find > he has in common with the people criticizing his behavior. He has done > significant work in computer security, including warning people for > years about the security holes that made the worm possible. He has > worked as a sysadmin for an arpanet host. He is a serious student of > computer science and was making contributions to the field at an age > when most of us were trying to learn Pascal. He's also one hell of a > great guy, and no one seems more appalled by the effects of his actions > than he is. Being a "great guy" is not sufficient. As members of society we are also expected to exhibit a reasonable degree of responsible judgement. Perfectly nice people get roaring drunk, get into their cars, and unintentionally run over little children. Although this analogy is lacking in some ways it is meant to dramatically make the point that nice, well intentioned people can do irresponsible things that cost the rest of society a great deal. Such people must be held accountable for the results of their irresponsibility. The person responsible for this virus may in fact be a "great guy" in many ways and may not have thought there was anything wrong with what he was doing. If so, he had a very poor understanding of the ethics involved. Although we may feel sorry for him we cannot afford to easily excuse such poor judgement. > We can argue about the advisability of what he did, but I urge you to > resist the temptation to pigeon-hole someone you don't know on the basis > of fragmentary information. > > Jim Matthews > Dartmouth Software Development Dave Rorke attunix!der