jerry@olivey.olivetti.com (Jerry Aguirre) (11/15/88)
Our site wasn't hit by the worm so I am not even going to comment on it or Mr. Morris. Possibly racing around trying to figure out what what all those "sh" processes were doing would have influenced me. I do have a new question. What self serving ham (making an enemy here) released the story of the worm to the media? And before someone says that the person was doing us a service consider the story presented by the media. I sure couldn't tell what types of computers were effected and whether I should be concerned. When I came in Monday morning I had no idea whether the worm was of concern to me or only effected IBM computers on BITNET. So, I conclude that the media, as usual, "popularized" the story to the point of making it useless as a warning for system admins. I fully expect that someone will shout "freedom of the press" but I don't think that applies. The press is has a freedom to publish information but that doesn't imply a requirement to volunteer it to them. If they get wind and start investigating then fine, give them the story and hope they won't garble it too much. I doubt that is what happened in this case though. It is my opinion that releasing the story to the media, who don't know a damn thing about computers, so they can further misinform the public was more of a disservice than the relase of the worm. Whoever called the press was guilty of the same desire for notoriety that people have accused Mr. Morris of. Please note that I consider this a completely separate issue from keeping security holes secret. Posting holes to the net might do some good, posting them on the 11:00 news won't help anybody, not even the system cracker. Do you want your administration making some kind of knee-jerk reaction based on the story the media presented? It is interesting that the media can correctly report the model of a car that has been recalled, or what brand of Tuna is dangerous to eat, but shies away from terms like Vax, sendmail, and 4.3BSD. That level of detail would be too booring for the menial worker with a 6th grade education that they perceive their readers to be. Jerry Aguirre
smb@ulysses.homer.nj.att.com (Steven M. Bellovin) (11/28/88)
Apart from minor problems with the original posting (the matter was indeed of public interest, since it affected a government-operated net; coverage in the NY Times, the Wall Street Journal, the AP, and NPR (at least) was as accurate and complete as could be expected from general-audience publications), it's worth mentioning that one reason you can't keep things like this secret is that there are reporters on Usenet. Yup, genuine ones, for mainstream papers, too, not just the trade press. But that's all besides the point; I frankly don't see any reason not to tell the media.
kenny@felix.UUCP ( __Lizzard et al) (12/03/88)
In article <10892@ulysses.homer.nj.att.com> smb@ulysses.homer.nj.att.com (Steven M. Bellovin) writes: > it's worth mentioning that one reason >you can't keep things like this secret is that there are reporters on >Usenet. Yup, genuine ones, for mainstream papers, too, not just the >trade press. 'Tis true. I write for Truckin' Magazine... but I couldn't figure out how to work the worm into my column. "The Virus and Your Trip Computer: How safe is safe?" Nah. __Lizzard.