[news.sysadmin] No RTM trial?

weemba@garnet.berkeley.edu (Obnoxious Math Grad Student) (11/14/88)

Perhaps no charges will even be brought against RTM, on the grounds
that NSA and others are more worried about the worm program becoming
public knowledge.  Which no doubt could follow from introducing the
very program as the main evidence against RTM.

ucbvax!garnet!weemba	Matthew P Wiener/Brahms Gang/Berkeley CA 94720

spaf@cs.purdue.edu (Gene Spafford) (11/14/88)

In article <16953@agate.BERKELEY.EDU> weemba@garnet.berkeley.edu (Obnoxious Math Grad Student) writes:
>Perhaps no charges will even be brought against RTM, on the grounds
>that NSA and others are more worried about the worm program becoming
>public knowledge.  Which no doubt could follow from introducing the
>very program as the main evidence against RTM.

Easily remedied.  There are lots of reverse-engineered versions of
the code out there, and new versions could be put together with
a modicum of effort.  All we need to do is post one such version.
There is no law against that....In fact, that would make an interesting
tech report, no?
-- 
Gene Spafford
NSF/Purdue/U of Florida  Software Engineering Research Center,
Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-2004
Internet:  spaf@cs.purdue.edu	uucp:	...!{decwrl,gatech,ucbvax}!purdue!spaf

weemba@garnet.berkeley.edu (Obnoxious Math Grad Student) (11/14/88)

In article <5424@medusa.cs.purdue.edu>, spaf@cs (Gene Spafford) writes:
>In article <16953@agate.BERKELEY.EDU> weemba@garnet.berkeley.edu (Obnoxious Math Grad Student) writes:
>>Perhaps no charges will even be brought against RTM, on the grounds
>>that NSA and others are more worried about the worm program becoming
>>public knowledge.

>Easily remedied.

Really?  I read in the papers that you were visited by NSA types, Gene.
Who apparently wanted the code kept under wraps.  Can you clarify?

>		   There are lots of reverse-engineered versions of
>the code out there, and new versions could be put together with
>a modicum of effort.  All we need to do is post one such version.

Ah, I see you are arguing closer to my side now.  One might as well
make it a dandy all-purpose worm, with lots of include files for mix
and match bug exploitation.

>There is no law against that....

I don't know.  If current laws *do* apply to Morris's actions, does pro-
viding the code make one an accessory?

>				 In fact, that would make an interesting
>tech report, no?

There have been calls for a virus RFC, and also rumors that NSA is going
to prepare a report on it too.

What's that ancient Jewish curse?  "May you live in interesting times."

ucbvax!garnet!weemba	Matthew P Wiener/Brahms Gang/Berkeley CA 94720

cosell@bbn.com (Bernie Cosell) (11/14/88)

In article <5424@medusa.cs.purdue.edu> spaf@cs.purdue.edu (Gene Spafford) writes:
}In article <16953@agate.BERKELEY.EDU> weemba@garnet.berkeley.edu (Obnoxious Math Grad Student) writes:
}>Perhaps no charges will even be brought against RTM, on the grounds
}>that NSA and others are more worried about the worm program becoming
}>public knowledge.  Which no doubt could follow from introducing the
}>very program as the main evidence against RTM.
}
}Easily remedied.  There are lots of reverse-engineered versions of
}the code out there, and new versions could be put together with
}a modicum of effort.  All we need to do is post one such version.

Note that there are two possible "trials" here.  I think it would be
*fascinating* to see if the FBI or anyone could manage a *criminal*
trial.  In such a trial, one must adhere to the rather strict rules of
evidence.  Has anyone ever been able to really *prove* that a particular
person actually wrote a particular computer file?  Think they could
*prove* that RTMjr actually _released_ the worm [e.g., that it wasn't
one of the sysops who logged in as "root" and su'ed to his account]?
That he didn't have code in the file to render the worm innocuous (say
to ONLY infect other Cornell machines, or only machines from a small
explicit list) and someone ELSE unaccountably removed it?  All of this
"evidence" seems sufficiently flimsy that I'm not even convinced that
one could recover in a civil action.

On the other hand, it would be an incredible set of legal precedents if it
made it (you'd surely think twice before you pissed off the sysop on your
machine, no?  Considering what he could do, *actionably*, in your name!)

   __
  /  )                              Bernie Cosell
 /--<  _  __  __   o _              BBN Sys & Tech, Cambridge, MA 02238
/___/_(<_/ (_/) )_(_(<_             cosell@bbn.com

spaf@cs.purdue.edu (Gene Spafford) (11/15/88)

In article <16966@agate.BERKELEY.EDU> weemba@garnet.berkeley.edu (Obnoxious Math Grad Student) writes:
>Really?  I read in the papers that you were visited by NSA types, Gene.
>Who apparently wanted the code kept under wraps.  Can you clarify?

It wasn't the NSA, per se, but the NCSC.  Admittedly, they are an agency
affiliated with the NSA, but they aren't the same thing.

I wasn't visited by them, I got some e-mail and a phone call.  The folks
there are paid to worry about computer security, and they do a reasonable
job of it.  They requested that anything we might have that could be used
to recreate the virus code not be widely distributed.  No threats, no
rules, just a request for cooperation.  For now, everyone I know who
may have reverse-engineered code is willing to go along with that
suggestion.

>Ah, I see you are arguing closer to my side now.  One might as well
>make it a dandy all-purpose worm, with lots of include files for mix
>and match bug exploitation.

I'm not arguing *any* side.  I'm saying what I've been saying all along --
this could be written by lots of people, and many people could recreate
the code.  Tightening security is not going to be sufficient protection
all by itself, even if we could get everyone to do it.  We need to
work on the security threats as well as the security holes.

>I don't know.  If current laws *do* apply to Morris's actions, does pro-
>viding the code make one an accessory?

If providing code makes one an accessory, then AT&T, Berkeley, DEC & Sun
will be co-defendants at the trial.

Publishing the code is not illegal in any way, unless all the variables
are named in such a way that reading the code presents a pornographic
story. :-)   By analogy, I can purchase books on toxicology and I can
mix up poisons in my basement -- legally.  However, if I attempt to
dump some in the local water supply, I'm in deep doo-doo with the legal
authorities.  By the same token, selling a gun doesn't make the store
owner an accessory so long as s/he follows all applicable laws in the
sale.

The concept is well-established in law and would apply to the worm, too.
(However, note that I'm not a lawyer, so you're getting what you pay for,
advice-wise.)

>There have been calls for a virus RFC, and also rumors that NSA is going
>to prepare a report on it too.

Yeah, I'm working on a paper for it now, and a few people have
nominated me as the one to do the RFC.  We'll see.  If nothing else, I
will shortly have a tech report with a functional description of how
the worm infects a system and what it tries to do.  I've had a chance
to go through 2 completely separate reverse-engineered versions of the
code (the only person to do so, I think).  I'll have the material ready
by the end of the week, I hope.

>What's that ancient Jewish curse?  "May you live in interesting times."

Better than living in California.... :-)
-- 
Gene Spafford
NSF/Purdue/U of Florida  Software Engineering Research Center,
Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-2004
Internet:  spaf@cs.purdue.edu	uucp:	...!{decwrl,gatech,ucbvax}!purdue!spaf

dhesi@bsu-cs.UUCP (Rahul Dhesi) (11/16/88)

In article <5432@medusa.cs.purdue.edu> spaf@cs.purdue.edu (Gene Spafford)
writes:
>Publishing the code is not illegal in any way...

I suspect it is.  The worm code is an unpublished work, and Robert
Morris is the copyright owner.  One does not need to include a
copyright statement to preserve ownership of an unpublished work.
-- 
Rahul Dhesi         UUCP:  <backbones>!{iuvax,pur-ee}!bsu-cs!dhesi

henry@utzoo.uucp (Henry Spencer) (11/16/88)

In article <32219@bbn.COM> cosell@BBN.COM (Bernie Cosell) writes:
>... Think they could
>*prove* that RTMjr actually _released_ the worm [e.g., that it wasn't
>one of the sysops who logged in as "root" and su'ed to his account]?

The legal system deals with "who do we believe?" situations all the time.
I doubt that there would be any great problem, especially since (as I
understand it) RTMjr has admitted he did it.
-- 
Sendmail is a bug,             |     Henry Spencer at U of Toronto Zoology
not a feature.                 | uunet!attcan!utzoo!henry henry@zoo.toronto.edu

spaf@cs.purdue.edu (Gene Spafford) (11/16/88)

In article <4770@bsu-cs.UUCP> dhesi@bsu-cs.UUCP (Rahul Dhesi) writes:
>In article <5432@medusa.cs.purdue.edu> spaf@cs.purdue.edu (Gene Spafford)
>writes:
>>Publishing the code is not illegal in any way...
>
>I suspect it is.  The worm code is an unpublished work, and Robert
>Morris is the copyright owner.  One does not need to include a
>copyright statement to preserve ownership of an unpublished work.

You are correct.  I meant to say "publishing any reverse-engineered code
is not illegal..."
-- 
Gene Spafford
NSF/Purdue/U of Florida  Software Engineering Research Center,
Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-2004
Internet:  spaf@cs.purdue.edu	uucp:	...!{decwrl,gatech,ucbvax}!purdue!spaf

erc@unisec.usi.com (Ed Carp) (11/16/88)

In article <4770@bsu-cs.UUCP>, dhesi@bsu-cs.UUCP (Rahul Dhesi) writes:
> In article <5432@medusa.cs.purdue.edu> spaf@cs.purdue.edu (Gene Spafford)
> writes:
> >Publishing the code is not illegal in any way...
> 
> I suspect it is.  The worm code is an unpublished work, and Robert
> Morris is the copyright owner.  One does not need to include a
> copyright statement to preserve ownership of an unpublished work.

Yes, but if you don't, your case is MUCH weaker in court.  Check it out with your
attorney.

-Ed

friedl@vsi.COM (Stephen J. Friedl) (11/16/88)

In article <5432@medusa.cs.purdue.edu> spaf@cs.purdue.edu (Gene Spafford)
writes:
<Publishing the code is not illegal in any way...
 
In article <4770@bsu-cs.UUCP>, dhesi@bsu-cs.UUCP (Rahul Dhesi) writes:
< I suspect it is.  The worm code is an unpublished work, and Robert
< Morris is the copyright owner.  One does not need to include a
< copyright statement to preserve ownership of an unpublished work.

How about the fair use provision, especially by a University for
the purposes of research or whatever...


-- 
Steve Friedl    V-Systems, Inc.  +1 714 545 6442    3B2-kind-of-guy
friedl@vsi.com     {backbones}!vsi.com!friedl    attmail!vsi!friedl
------------Nancy Reagan on the worm: "Just say OH NO!"------------

bill@twwells.uucp (T. William Wells) (11/16/88)

In article <4770@bsu-cs.UUCP> dhesi@bsu-cs.UUCP (Rahul Dhesi) writes:
: In article <5432@medusa.cs.purdue.edu> spaf@cs.purdue.edu (Gene Spafford)
: writes:
: >Publishing the code is not illegal in any way...
:
: I suspect it is.  The worm code is an unpublished work, and Robert
: Morris is the copyright owner.  One does not need to include a
: copyright statement to preserve ownership of an unpublished work.

Ah yes, but distributing a work to many people, who are not known to
you, is what constitutes "publishing". So, perhaps, the right way to
look at it is that the absence of a copyright notice means the thing
was released into the public domain?!

---
Bill
{uunet|novavax}!proxftl!twwells!bill

cory@gloom.UUCP (Cory Kempf) (11/17/88)

In article <4770@bsu-cs.UUCP>, dhesi@bsu-cs.UUCP (Rahul Dhesi) writes:
> In article <5432@medusa.cs.purdue.edu> spaf@cs.purdue.edu (Gene Spafford)
> writes:
> >Publishing the code is not illegal in any way...
> 
> I suspect it is.  The worm code is an unpublished work, and Robert
> Morris is the copyright owner.  One does not need to include a
> copyright statement to preserve ownership of an unpublished work.

But he did publish it! Or at least it seems that way to me! (I mean
what else can you call sending out multiple copies to over 6000 different
computer sites throughout the nation???)

However, the real question is Was there a Copyright Notice in the 
actual worm as published by the Wormer?  If so, is there a name on it?
if not, then (obviously) it is in the public domain...

+C


-- 
Cory (the last person to escape alive from riverside) Kempf
UUCP: encore.com!gloom!cory
	"...it's a mistake in the making."	-KT

trn@warper.jhuapl.edu (Tony Nardo) (11/17/88)

In article <4770@bsu-cs.UUCP> dhesi@bsu-cs.UUCP (Rahul Dhesi) writes:
>In article <5432@medusa.cs.purdue.edu> spaf@cs.purdue.edu (Gene Spafford)
>writes:
>>Publishing the code is not illegal in any way...
>
>I suspect it is.  The worm code is an unpublished work, and Robert
>Morris is the copyright owner.  One does not need to include a
>copyright statement to preserve ownership of an unpublished work.

I think Morris has to actually claim copyrights on this material in some
manner, even if it is just having a listing notarized or prepending "the poor
man's copyright" (a "copyright" comment at the top of the module).  Anyone
with more expertise on this matter care to comment?

Anyway, I suspect no one else would wish to claim prior creation of this
code.  :-)  I doubt if Robert Morris will have any problems protecting his
work on that regard.

Anyone know if releasing the worm source code files (the ones that came over
as *.c files) is tantamount to releasing them into the public domain?  The
object files?  [1/2 :-)]

This really belongs in misc.legal...

==============================================================================
ARPA:   trn%warper@aplvax.jhuapl.edu   OR   nardo%str.decnet@capsrv.jhuapl.edu
BITNET:	trn@warper.jhuapl.edu		(also for smart Internet mailers)
UUCP:	{backbone!}mimsy!aplcomm!warper!trn

50% of my opinions are claimed by various federal, state and local governments.
The other 50% are mine to dispense with as I see fit.
==============================================================================

brian@ncrcan.Toronto.NCR.COM (Brian Onn) (11/17/88)

In article <5432@medusa.cs.purdue.edu> spaf@cs.purdue.edu (Gene Spafford) writes:
>...  By the same token, selling a gun doesn't make the store
>owner an accessory so long as s/he follows all applicable laws in the
>sale.

Interesting that this isn't so yet, considering that many drinking 
establishments are thinking twice about pouring that next drink. The owners
can often be held accountable for any injuries/deaths that the patron
might have caused when he/she leaves the place.

I would expect that the same lines of thinking should be applied to the
sale of guns, too.

Follow-ups have been re-directed to misc.legal.

Brian.

-- 
 +-------------------+--------------------------------------------------------+
 | Brian Onn         | UUCP:..!{uunet!mnetor, watmath!utai}!lsuc!ncrcan!brian |
 | NCR Canada Ltd.   | INTERNET: Brian.Onn@Toronto.NCR.COM                    |
 +-------------------+--------------------------------------------------------+

crossgl@ingr.UUCP (Gordon Cross) (11/18/88)

In article <4770@bsu-cs.UUCP>, dhesi@bsu-cs.UUCP (Rahul Dhesi) writes:
> In article <5432@medusa.cs.purdue.edu> spaf@cs.purdue.edu (Gene Spafford)
> writes:
> >Publishing the code is not illegal in any way...
> 
> I suspect it is.  The worm code is an unpublished work, and Robert
> Morris is the copyright owner.  One does not need to include a
> copyright statement to preserve ownership of an unpublished work.

As I understand it, Mr. Morris (assuming he is the culprit which has yet to
be proven in court) has already lost his copyright since he distributed
thousands of copies of the code that did not carry a copyright notice [or did
it?  I am amused when I think of the line "This worm Copyright (c) 1988 by
Robert Morris Jr.  All rights reserved."  :-) :-)]  Wouldn't the worm's
propagation be considered "publishing" it??

DISCLAIMER:  I do not claim to be a lawyer nor the reincarnation of one...


Gordon Cross
Intergraph Corp.  Huntsville, AL
...uunet!ingr!crossgl

spaf@cs.purdue.edu (Gene Spafford) (11/20/88)

The opinion of our University legal department is that the author of
the original Worm code has lost any copyright on the binary of the
code.  Anything reverse-engineered by anyone can be copyrighted by
those "engineers" if they so desire.

-- 
Gene Spafford
NSF/Purdue/U of Florida  Software Engineering Research Center,
Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-2004
Internet:  spaf@cs.purdue.edu	uucp:	...!{decwrl,gatech,ucbvax}!purdue!spaf

allbery@ncoast.UUCP (Brandon S. Allbery) (11/22/88)

As quoted from <5424@medusa.cs.purdue.edu> by spaf@cs.purdue.edu (Gene Spafford):
+---------------
| In article <16953@agate.BERKELEY.EDU> weemba@garnet.berkeley.edu (Obnoxious Math Grad Student) writes:
| >Perhaps no charges will even be brought against RTM, on the grounds
| >that NSA and others are more worried about the worm program becoming
| >public knowledge.  Which no doubt could follow from introducing the
| >very program as the main evidence against RTM.
| 
| Easily remedied.  There are lots of reverse-engineered versions of
| the code out there, and new versions could be put together with
| a modicum of effort.  All we need to do is post one such version.
| There is no law against that....In fact, that would make an interesting
| tech report, no?
+---------------

Aaaagh.  Aren't there *any* other Mac users out there reading this
newsgroup, or are they forgetting a certain little something...?

Spaf, I respect you highly as a Usenet administrator and de-facto Keeper of
the Active File.  But releasing the source to this virus would be a disaster.
Let me tell you -- and everyone else -- a little story:

Sometime in 1987, a Mac programmer in West Germany posted some sample viruses
(in source form) to a BBS in order to convince people that something should
be done about viruses; he'd been victimized a few times by them.  He did
*too* good a job of warning them (perhaps analogous to RTM?):  there are
MANY, MANY utilities now available for the Mac that do nothing but sniff out
the various mutations of those viruses that sprang up all over the place.
Indeed, I haven't seen a virus detector for the Mac *yet* that didn't have
some special code to trap "nVIR" viruses.  As far as anyone knows, the nVIR
plague has been wiped out; but it may yet return in modified form, like the
Black Plague -- and there have been others, like Scores (which is as
infamous as nVIR in the Mac community), which aren't related except in that
they are viruses.

IS THIS WHAT YOU WANT TO DO TO THE INTERNET?

*Don't* post the virus code.  People who really want to get it can undoubted-
ly decipher it themselves, or design their own; assuming they're intelligent
enough to do so, you couldn't stop them anyway.  But making it freely available
to all is just asking for any moron to launch an attack on the Internet.

++Brandon
-- 
Brandon S. Allbery, comp.sources.misc moderator and one admin of ncoast PA UN*X
uunet!hal.cwru.edu!ncoast!allbery  <PREFERRED!>	    ncoast!allbery@hal.cwru.edu
allberyb@skybridge.sdi.cwru.edu	      <ALSO>		   allbery@uunet.uu.net
comp.sources.misc is moving off ncoast -- please do NOT send submissions direct
      Send comp.sources.misc submissions to comp-sources-misc@<backbone>.

leonard@qiclab.UUCP (Leonard Erickson) (11/24/88)

In article <4770@bsu-cs.UUCP> dhesi@bsu-cs.UUCP (Rahul Dhesi) writes:
<In article <5432@medusa.cs.purdue.edu> spaf@cs.purdue.edu (Gene Spafford)
<writes:
<>Publishing the code is not illegal in any way...
<
<I suspect it is.  The worm code is an unpublished work, and Robert
<Morris is the copyright owner.  One does not need to include a
<copyright statement to preserve ownership of an unpublished work.

But if you distribute a work *without* the notice, you lose the copyright
unless you did so inadvertently, or take immediate steps to remedy the
omission. Right?
-- 
Leonard Erickson		...!tektronix!reed!percival!bucket!leonard
CIS: [70465,203]		...!tektronix!reed!qiclab!leonard
"I used to be a hacker. Now I'm a 'microcomputer specialist'.
You know... I'd rather be a hacker."