[news.sysadmin] worms and paranoia

dtynan@sultra.UUCP (Der Tynan) (11/08/88)

In retrospect, from someone who wasn't affected (directly) by the recent worm,
I think the repercussions will be far-reaching, and painful for everyone.
I have to disagree with Weemba's comments about how Morris has done us a
favor (It's not the first time I've disagreed with him - his position is
usually contrary to my own).  In the first place, mail (and news) is backed
up all over the place.  I think it will be that way for some time.  I am
predicting that a lot of 'anonymous' ftp sites will disappear.  More companies
will follow the AT&T example, and stop forwarding mail.  Others will drop
USENET completely.  It is one thing to say that the danger has passed, but
when one looks at the general public's view of other 'virii', a lot of
people tend to be irrational.  They will view the security breach as being
caught 'with their pants down'.  All one has to do is look at the way the
press is handling the whole affair.  The headlines read 'Defense computers
compromised'.  They would have you believe that we were seconds away from
World War III (shades of 'War Games'?).  The popular press has long been
enamoured with the 'Hacker' (their words not mine).  They will probably make
Mr. Morris 'Crown Prince of Hackers'.  As a reference, consider such
luminaries as John Lennon's killer (I refuse to give his name), who did it
purely for the glory (?).  If we could increase the overall network security,
without compromising its effectiveness, then perhaps Morris' attack would be
beneficial.  As it is, the only difference it will bring about, is a stricter
network.  Not necessarily a better or more secure network, but one in which
the flow of data is more controlled.  It is clear that there are a lot more
bugs which could be exploited, to produce even worse effects.  How will these
be discovered?  Hopefully, through dissemination and education.  I, for one,
was not aware that sendmail had that bug (and I certainly don't blame the
fiasco on the person who left the 'debug' option in-place).  Had the
circumstances been different, I would not have been pleased to find out 'the
hard way'.  In general, a lot of people will be asking their System
Administrators, how this could happen, and what has been done to prevent a
reoccurrence.  In all honesty, without devoting many man-years to finding the
rest of the bugs, nothing short of 'pulling the plug' will suffice.  In many
cases, this will indeed be the result.  All in all, my goal of working at
home, just took three steps backward, and the process of linking many machines
across the planet, with the concept of 'shared information' has probably
been pushed back irretrievably.
As for Morris' defense, that he didn't expect the program to swamp the machines,
I claim that this is no defense.  Consider, that if his program HAD WORKED AS
HE WANTED IT TO, no-one would be the wiser, right now.  What's more, the next
generation of his worm, could transfer the source, when on a machine besides
a VAX or Sun.  In which case, by the time anyone actually discovered the worm,
*every* system on the Internet would be contaminated.  Not to mention the
UUCP network.  Before this gets totally out of hand in terms of public
perception, we need to address the underlying mechanism that lets this happen.
I say, "send him to the salt mines", and we won't have to worry about someone
trying it again...
						- Der
-- 
	dtynan@Tynan.COM  (Dermot Tynan @ Tynan Computers)
	{apple,mips,pyramid,uunet}!zorba.Tynan.COM!dtynan

 ---  God invented alcohol to keep the Irish from taking over the planet  ---

t-harish@microsoft.UUCP (Harish Pillay) (11/09/88)

The worm fiasco has perhaps been overly discussed that I think we, as UseNet
users, should get a consensus to enable the entire network to be periodically
tested for such security breaches.  What we need is something like what is
done by radio and tv stations: " <Hi tone>  This is a test ......."  Just
as we have periodic fire drills, all sysadmins should get together to 
perform such tests to see if there is a vulnerability in the connections etc.

The UseNet community seems to be divided between thanking Morris or shafting
Morris for what he did.  There is also an overlapping group that keeps saying
that "You were warned.  The Network is not SAFE."  Let's keep the talk to
a minimum and get on with a scheme that tests the integrity of the network.

It is my opinion that we need to do it periodically (maybe like once a month)
with neighbouring systems testing each other - something that could be done
in the evening.  Preventive "Break-ins" is what we need.  Let's not get all
caught up with a security paranoia and cut each other off.

UseNet, UUCP, BITNET, anonymous ftp, rlogin, telnet are perhaps the best things
to have happened to computers!

Any comments welcomed.

Harish Pillay   Microsoft Corporation      microsoft!t-harish@uunet.uu.net