root@utoday.UUCP (Ross M. Greenberg) (11/13/88)
As part of a followup story we're doing on the InterNet Worm and its ramifications throughout the industry, we'd like to ask all the sys-admins and others in a position of hiring programmers: "Given the opportunity to hire the creator of the InterNet Worm, would you?" also: "Would you feel comfortable hiring a company who opted to hire the creator of the InterNet Worm?" Please address your comments to: uunet!utoday!views. We'll summarize, of course, both in print and back acorss this newsgroup, so there is no need to followup - just send mail. (Please remember that, as of the above date and time, no one has been convicted of any crime, so we opt to consider the wider picture: The Worm as an entity without a name....) Thanks! Ross M. Greenberg UNIX TODAY! uunet!utoday!greenber
lyndon@nexus.ca (Lyndon Nerenberg) (11/14/88)
In article <456@utoday.UUCP>, root@utoday (Ross M. Greenberg) writes: >As part of a followup story we're doing on the InterNet Worm and its >ramifications throughout the industry, we'd like to ask all the sys-admins >and others in a position of hiring programmers: > >"Given the opportunity to hire the creator of the InterNet Worm, would you?" Hmm ... First question *I* would ask is "do you do other things besides read/post news when you're logged in as root?" How can I place any credibility in your reporting when your actions show you aren't paying any attention to anything that has been discussed here ...
friedl@vsi.COM (Stephen J. Friedl) (11/15/88)
In article <456@utoday.UUCP>, root@utoday (Ross M. Greenberg) writes: >As part of a followup story we're doing on the InterNet Worm and its >ramifications throughout the industry, we'd like to ask all the sys-admins >and others in a position of hiring programmers: > >"Given the opportunity to hire the creator of the InterNet Worm, would you?" Then somebody says: > Hmm ... First question *I* would ask is "do you do other things besides > read/post news when you're logged in as root?" > > How can I place any credibility in your reporting when your actions > show you aren't paying any attention to anything that has been > discussed here ... OK folks, time for a mild flame. I see people picking on the various UNIX Today people, and I think it really sux. First, what is so terrible with reading news as root? It's his site, he's the sysadmin, and he's not hiding his real name. Why in the world would anybody care about this? This just looks like gratuitous belittlement of others to me. Second, the "...you aren't paying attention to anything..." is really silly. Somebody has posted a "DID HE DO US A SERVICE OR NOT?" request for pseudo-votes, and I've not seen anybody flame him for this "silly" question. People who object to having their opinion asked must not have a very high opinion of *themselves*. Finally, why are people so upset in general that there are now journalists on the net (especially active ones)? UNIX has obviously grown enough to warrant an industry biweekly magazine such as UNIX Today -- this is supposed to be a good thing. Assuming that there *will* be a magazine like UT! (there obviously will), there are a couple of ways they could treat the net, and the way that the net would (has) responded to each: They could ignore us ---> "These bozos won't even get on the net to see what we really think" [e.g. _Byte_] They could summarize or report on net activity without contributing or asking anybody ---> "Those bozos quoted me without asking!" -or- "Those bozos think they are correctly gauging the consensus of the net - ha." They could ask us what we think ---> "These bozos don't read the newsgroups" or "These bozos are using the net for commercial purposes (gasp!)." Hey, you've defined it that they can't win no matter what they do. Do you want them to think that we're a bunch of snotty UNIX.bigots? Only people with a BSEE are allowed to post? Only those on the ANSI committee? Please excuse the rest of us. These people report on us, ask us for advice and our opinions, and they get snotty postings in response. What kind of adults are we? Yes, I happen to like UNIX Today! They are trying hard to cover a dynamic industry -- *my* industry -- and for people who are new to UNIX, I think they're doing a pretty durn good job. They understand that there is a cultural flavor to UNIX (and the net) and they are trying to acquire it so they can be better reporters. Why don't we help them rather than insult them? Keep in mind that this is not some basement rag. Their parent, CMP Publications, puts out _EE Times_ and _Computer Systems News_, both well-respected tradeweeklies. If you don't read them, you should. UNIX Today! had a good interview with Brian Kernighan the other week. This is so terrible? So folks, lay off. If you have a legitimate gripe with a posting or an article in their magazine, send them a note. They do respond, and they seem genuinely interested in feedback from us on their mistakes; you might even do some good or (shudder) get your name in the paper. If your gripe is just to bitch, send it to /dev/null, not here -- we don't need it. Steve Disclaimer: I'm only a [free] subscriber, no other connection, etc. -- Steve Friedl V-Systems, Inc. +1 714 545 6442 3B2-kind-of-guy friedl@vsi.com {backbones}!vsi.com!friedl attmail!vsi!friedl ------------Nancy Reagan on the worm: "Just say OH NO!"------------
spaf@cs.purdue.edu (Gene Spafford) (11/15/88)
Let me join Steve Friedl in saying that it is inappropriate for you to flame Ross for posting to the net. I believe it is his personal system, so if he posts from root, so what? And I know for a fact he *is* paying attention to this discussion. He interviewed me about some of the things I said on the net. He also asked technically appropriate questions, which is more than I can say for some of the media organizations who have interviewed some of us in recent days. (Would you believe I had someone ask me right after the worm hit whether or not users had to worry about catching the virus? Sheesh!). Discourage the obvious turkeys, but let's try not to pick on sincere and technically competent people. BTW, you might not recognize his name, but I am told that Mr. Greenberg is the author of one of the better PC anti-viral programs. He has been working in that area for a few years, and thus may have more insight into some of the problems than many of the people flaming him will ever hope to have.
honey@mailrus.cc.umich.edu (peter honeyman) (11/16/88)
ross has been active on usenet for years. he may have given up respectability for a journalist's pencil, but that can be excused. peter
greenber@utoday.UUCP (Ross M. Greenberg) (11/19/88)
Thank you, Gene (and Steve)! The machine I post from is the property of UNIX TODAY!, a twice monthly publication put out by CMP Publications. We are attempting to cover the net as part of our UNIX coverage. My personal affiliation with them is as Reviews Editor, probably as Technical Editor shortly and as a freelancer writing for them. I also serve as their SA. Additionally, I will be training the UNIX TODAY! staff in how to get the best usage out of UNIX, and how to properly use the net - and trying to figure out how best we can be a net resource. Because of the close affiliation the net has with the UNIX community, we look forward to the suggestions, comments, complaints, and even the occasional flame we might get -- as long as it doesn't clutter up the net. As such, please send what comments you might have either to me, or to my head honcho, Mike Azarra (uunet!utoday!mikea). We have a number of other mailboxes as well, which you'll find on our masthead and throughout the newspaper. Opinions I might express will be my own, unless my editors ask me to post an official opinion --- and they would labeled as such. Ross M. Greenberg UNIX TODAY! uunet!utoday!greenber,root
greenber@utoday.UUCP (Ross M. Greenberg) (11/19/88)
In article <792@mailrus.cc.umich.edu> honey@citi.umich.edu (peter honeyman) writes: >ross has been active on usenet for years. he may have given up >respectability for a journalist's pencil, but that can be excused. > > peter Harumpf! :-) Howdy, Peter! Ross
allbery@ncoast.UUCP (Brandon S. Allbery) (11/22/88)
As quoted from <10538@ncc.Nexus.CA> by lyndon@nexus.ca (Lyndon Nerenberg): +--------------- | In article <456@utoday.UUCP>, root@utoday (Ross M. Greenberg) writes: | >As part of a followup story we're doing on the InterNet Worm and its | >ramifications throughout the industry, we'd like to ask all the sys-admins | >and others in a position of hiring programmers: | > | >"Given the opportunity to hire the creator of the InterNet Worm, would you?" | | Hmm ... First question *I* would ask is "do you do other things besides | read/post news when you're logged in as root?" | | How can I place any credibility in your reporting when your actions | show you aren't paying any attention to anything that has been | discussed here ... +--------------- Amen. Doing *anything* other than the absolute minimum of necessary commands from root (i.e. "su" only when necessary to execute a single privileged command) is asking for trouble. For the record: I wouldn't hire him, Fred Gwinn (my boss) wouldn't hire him. Would *you* trust him as de-facto system administrator for your clients' systems? Or, if the Worm really was an accident, would you trust him as a programmer? (QC, people, QC.) ++Brandon -- Brandon S. Allbery, comp.sources.misc moderator and one admin of ncoast PA UN*X uunet!hal.cwru.edu!ncoast!allbery <PREFERRED!> ncoast!allbery@hal.cwru.edu allberyb@skybridge.sdi.cwru.edu <ALSO> allbery@uunet.uu.net comp.sources.misc is moving off ncoast -- please do NOT send submissions direct Send comp.sources.misc submissions to comp-sources-misc@<backbone>.
mack@inco.UUCP (Dave Mack) (11/23/88)
In article <13162@ncoast.UUCP> allbery@ncoast.UUCP (Brandon S. Allbery) writes: >For the record: I wouldn't hire him, Fred Gwinn (my boss) wouldn't hire him. >Would *you* trust him as de-facto system administrator for your clients' >systems? Or, if the Worm really was an accident, would you trust him as a >programmer? (QC, people, QC.) I, on the other hand, would certainly consider hiring him. He's clearly a talented programmer. And after all this, I would imagine he's a hell of a lot more serious and conscientious about it. Please note that this is my personal opinion and not the official position of McDonnell Douglas. Dave Mack
trn@aplcomm.jhuapl.edu (Tony Nardo) (11/26/88)
In article <3738@inco.UUCP> mack@inco.UUCP (Dave Mack) writes: >In article <13162@ncoast.UUCP> allbery@ncoast.UUCP (Brandon S. Allbery) writes: >>For the record: I wouldn't hire him, Fred Gwinn (my boss) wouldn't hire him. >>Would *you* trust him as de-facto system administrator for your clients' >>systems? Or, if the Worm really was an accident, would you trust him as a >>programmer? (QC, people, QC.) > >I, on the other hand, would certainly consider hiring him. He's clearly ^^^^^^^^^^^^ >a talented programmer. And after all this, I would imagine he's a hell ^^^^^^^^^^^^^^^^^^^^^^ >of a lot more serious and conscientious about it. Really, now? Have you looked at the code? The few pieces I've seen (the small *.c files that came across in clear text) fail to convince me of that. He may have had access to information that most people don't, but that's hardly a trait of a talented *programmer*. Besides, would you hire someone who *really* believes that 'C' is self- documenting -- and therefore doesn't include a single comment in his code? :-) ============================================================================== ARPA, BITNET: trn@aplcomm.jhuapl.edu UUCP: {backbone!}mimsy!aplcomm!trn "Any clod can have the facts, but having opinions is an Art." - Charles McCabe, San Francisco Chronicle "Any clod can have opinions, but having facts to support them is an Art!" - moi ==============================================================================
spaf@cs.purdue.edu (Gene Spafford) (11/27/88)
In article <3738@inco.UUCP> mack@inco.UUCP (Dave Mack) writes: >I, on the other hand, would certainly consider hiring him. He's clearly >a talented programmer. And after all this, I would imagine he's a hell >of a lot more serious and conscientious about it. Ahem. I've read through 3 different reverse compilations and unassembled versions of the worm program, and I can say pretty definitively that the worm program shows no evidence of the author (or authors) being a talented programmer. The code is poorly structured, there is dead code throughout, calls are made with the wrong number and kinds of arguments, effort is duplicated, and the data structures chosen are not appropriate for the task at hand. If this were code from a student in one of my courses, I would give it no more than a low C grade. It is largely luck that it worked as well as it did, and I doubt it was tested or ever run through lint. This is all discussed in my tech report (to be issued Monday). As far as being more serious and conscientious, how the heck do you know that? Perhaps the author(s) is now more serious and conscientious about not being caught. Maybe he/she/they are now more serious about causing damage the next time something like this is done. If the only punishment is a fine or a slap on the wrist, exactly what lessons do you think will have been learned from this? Even if the punishment is more severe, what do you *know* will have been learned? It would be irresponsible for a businessman to hire a failed embezzler as the company comptroller. It would be stupid to hire a admitted arsonist as the night watchman at a lumberyard. It would be criminal to hire a child molester to work as a babysitter. Even if these people had been caught, paid a fine, and served time, would you trust them with something of value to you and related to their criminal activity? To hire the author(s) of the worm to work on computer security or important computer software would be just plain stupid. He/she/they has demonstrated a total ignorance about right and wrong just to run some "neat hacks." If I knew that a company hired the author(s), I wonder if I could ever trust the software they would market. I doubt I would ever purchase anything from that company if I had any alternative at all. Think about it. -- Gene Spafford NSF/Purdue/U of Florida Software Engineering Research Center, Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-2004 Internet: spaf@cs.purdue.edu uucp: ...!{decwrl,gatech,ucbvax}!purdue!spaf
mack@inco.UUCP (Dave Mack) (11/29/88)
In article <5518@medusa.cs.purdue.edu> spaf@cs.purdue.edu (Gene Spafford) writes: >In article <3738@inco.UUCP> mack@inco.UUCP (Dave Mack) writes: >>I, on the other hand, would certainly consider hiring him. He's clearly >>a talented programmer. And after all this, I would imagine he's a hell >>of a lot more serious and conscientious about it. > >Ahem. I've read through 3 different reverse compilations and unassembled >versions of the worm program, and I can say pretty definitively that >the worm program shows no evidence of the author (or authors) being >a talented programmer. The code is poorly structured, there is dead >code throughout, calls are made with the wrong number and kinds of >arguments, effort is duplicated, and the data structures chosen are >not appropriate for the task at hand. If this were code from a >student in one of my courses, I would give it no more than a low C >grade. It is largely luck that it worked as well as it did, and >I doubt it was tested or ever run through lint. > >This is all discussed in my tech report (to be issued Monday). I bow to your expertise in this matter, but I do have a question. Haven't you ever written a program that contained redundant or dead code that you intended to hack out in the final version? Second, you're dealing with decompiled versions which don't include, for example, preprocessor commands. Who knows what was in there before cpp got hold of it? (I'm assuming (urk!) that this was originally in C, not hand-coded assembler.) Finally, coding system calls with weird arguments is one of the classic methods of probing for holes in an operating system. In which case, why would one bother running it through lint? >As far as being more serious and conscientious, how the heck do you >know that? Perhaps the author(s) is now more serious and conscientious >about not being caught. Maybe he/she/they are now more serious about >causing damage the next time something like this is done. If the only >punishment is a fine or a slap on the wrist, exactly what lessons do >you think will have been learned from this? Even if the punishment is >more severe, what do you *know* will have been learned? Again, an assumption. I suppose that I'm just a chicken, but I thought that having his name spattered across the evening news, having the FBI probing through every aspect of his life, etc., might have a slightly sobering effect on him. >It would be irresponsible for a businessman to hire a failed embezzler >as the company comptroller. It would be stupid to hire a admitted >arsonist as the night watchman at a lumberyard. It would be criminal >to hire a child molester to work as a babysitter. Even if these people >had been caught, paid a fine, and served time, would you trust them >with something of value to you and related to their criminal activity? You ignore the matter of intention. Nobody embezzles money accidentally. Nobody molests children accidentally. How do you know that the "culprit" released this thing into the Internet intentionally? Can you prove that the release of the worm was intentional rather than accidental? >To hire the author(s) of the worm to work on computer security or >important computer software would be just plain stupid. He/she/they >has demonstrated a total ignorance about right and wrong just to run >some "neat hacks." Same point as above. You're comment about "right and wrong" assumes that he intended the thing to penetrate the net as opposed to being a "proof of concept" program which was never intended to actually execute outside a controlled environment. From your description of the decompiled code, especially the bit about dead and redundant code, it sounds very much like something that was unfinished. Wouldn't it be interesting if all of this had happened because he accidentally deleted a line containing a chroot(2) call? >If I knew that a company hired the author(s), I wonder if I could ever >trust the software they would market. I doubt I would ever purchase >anything from that company if I had any alternative at all. Think >about it. I have. I'd put him in QA. Great marketing gimmick: "Even the author of the Great Internet Worm of '88 was unable to penetrate our code." :-) How about waiting to hear RTMjr's side of the story, Gene? Remember the old gag about innocent until proven guilty? You keep talking about ethics and morality, but you seem ready to lynch the guy without a trial. If it could be proven that the worm's author did intentionally release the beast and that there was no evidence of repentance on his part, then no, I wouldn't hire him. As far as I know, neither point has been proven. Dave Mack Disclaimer: Not necessarily the views of my employer.
spaf@cs.purdue.edu (Gene Spafford) (11/30/88)
In article <3768@inco.UUCP> mack@inco.UUCP (Dave Mack) writes: >Haven't you ever written a program that contained redundant or >dead code that you intended to hack out in the final version? How do you know this version of the Worm wasn't the final version? >Finally, coding system calls >with weird arguments is one of the classic methods of probing for >holes in an operating system. In which case, why would one bother >running it through lint? The bogus arguments to calls were not there to probe for holes. The calls were in a logical pplace, but they just had the wrong arguments. It's obvious what the difference is if you read it. >Again, an assumption. I suppose that I'm just a chicken, but I thought >that having his name spattered across the evening news, having the FBI >probing through every aspect of his life, etc., might have a slightly >sobering effect on him. There are some warped individuals who get off on such publicity. I'm not claiming that the author is one of those, but it is possible. It is also possible that the current exposure will "harden" the author for the next time.... >How do you know that the "culprit" >released this thing into the Internet intentionally? Can you prove >that the release of the worm was intentional rather than accidental? The program was written to break into systems. Aggressively. It could have no other use. Furthermore, there is *nothing* in the code to stop it. It doesn't check for a special host, it doesn't look for a special file, it doesn't listen for any special messages...it just infects every machine it can reach. I can't conclude that it wasn't an accident, but I don't believe it was. >Wouldn't it be interesting if all of this had happened because he >accidentally deleted a line containing a chroot(2) call? chroot wouldn't have stopped this. >How about waiting to hear RTMjr's side of the story, Gene? Remember the >old gag about innocent until proven guilty? You keep talking about ethics >and morality, but you seem ready to lynch the guy without a trial. And you're pinning it on him without a confession or conviction. How do you know RTM did it? I'm also not interested in a lynching. -- Gene Spafford NSF/Purdue/U of Florida Software Engineering Research Center, Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-2004 Internet: spaf@cs.purdue.edu uucp: ...!{decwrl,gatech,ucbvax}!purdue!spaf
cory@gloom.UUCP (Cory Kempf) (12/03/88)
All of this chatter about hiring the worm gave me an interesting idea... I have figured out how to write a virus (as well as a worm or trojan horse for that matter) for unix sytems as well as macintosh systems. (A slight mod to one of the techniques would work on most other pc's as well). Those of you who wish to hire me as a security consultant, please send an offer letter to me via e-mail. (PS: please include salary and a list of bene's) +C -- Cory (the last person to escape alive from riverside) Kempf UUCP: encore.com!gloom!cory "...it's a mistake in the making." -KT
jgreely@cis.ohio-state.edu (J Greely) (12/03/88)
In article <216@gloom.UUCP> cory@gloom.UUCP writes: >I have figured out how to write a virus (as well as a worm or trojan >horse for that matter) for unix sytems as well as macintosh systems. ... but the code is too long to fit in the Summary line? Last name wouldn't be Fermat, would it? >Those of you who wish to hire me as a security consultant, please >send an offer letter to me via e-mail. ...those of you who don't wish to hire him, please send a letter bomb via duct. *Sigh*. -- J Greely (jgreely@cis.ohio-state.edu; osu-cis!jgreely) "What's she doing? Angels don't have libidos! They don't have any reproductive organs at all!" "That just means it takes a bit longer. Calm down."