[news.sysadmin] The Virus & Damage Control

kscott@cgl.ucsf.edu (Kevin Scott) (11/05/88)

The sendmail worm is not the first virus/worm ever seen.  In light of this, it
is surprising that we would allow machines to be infected hours (or even a day)
after the first sighting.  The first reported case of the worm in this
newsgroup is 6:00 PM Wednesday in Pittsburgh <5312@medusa.cs.purdue.edu>.
At approximately 8:30 in San Francisco (11:30 East Coast) the computers
here at UCSF were infected.  No method existed to warn one another.  Clearly
some routes of communication should be created.  Hats off to those of you who
thought to call the Center for Disease Control in Atlanta.  

Some thoughts: Is the CDC willing to be the coordinating agency for future
viruses?  Can a plug be designed into the net that can be pulled in case of
emergency?  (I can't think of a design that can't be abused by hackers.)  Or will
people have to simply form some sort of telephone relay?
I expect this whole scenario to be replayed.  After the first Macintosh virus,
many more appeared simply because the hackers knew it could be done.  Clearly
the alarm cannot be spread through the computers; affected computers may be
incapacitated by the virus and it is not reasonable to expect someone to always
be there to read the news of the alarm before the virus strikes.

The aspect I am most curious about is the possible virulence of future viruses.
How sophisticated was the sendmail worm's ability to crack passwords?  If it
merely tried names and information obtained from finger then the choice of
reasonable passwords and removal or restriction of .rhosts and hosts.equiv to a
limited size may be the only measures that need be taken.  If the method is more
powerful then there may be no point in changing .rhosts and hosts.equiv.

All the questions & none of the solutions, Kevin Scott (kscott@socr.ucsf.edu)

grady@fxgrp.UUCP (Steven Grady) (11/06/88)

In article <11221@cgl.ucsf.EDU> kscott@socrates.ucsf.edu.UUCP (Kevin Scott) writes:
>Hats off to those of you who
>thought to call the Center for Disease Control in Atlanta.  
>
No no no.  That was a joke name for the XCF (Experimental Computing
Facility) at UC Berkeley.  (The XCF is at "scam.berkeley.edu".)
They used CDC as a nickname, once they found a patch to the
worm.

	Steven
	...!ucbvax!grady
	grady@postgres.berkeley.edu