clarke@acheron.UUCP (Ed Clarke) (11/07/88)
From article <367@execu.UUCP>, by dewey@execu.UUCP (Dewey Henize): > On the next area of consideration, who's gonna get hold of the bastard > that caused this and beat the shit out of him? Having a daddy that's a That may not be necessary. Would you hire someone with the poor judgement to deliberately screw with federal computers? Would you give such a person a news feed? Assuming he beats the charges, he may have a tough time finding work - even with his expensive CompSci degree. Come to think of it, is ??? university liable for the damage one of their students has done to the arpa net? Can they be sued to recover the cost of the computer time used by the worm? Frankly, I hope that this is not the case - but it's something to think about when this persons resume comes across your desk. -- Ed Clarke uunet!bywater!acheron!clarke
netnews@pikes.Colorado.EDU (Robert Sklar) (11/07/88)
In article <265@acheron.UUCP> clarke@acheron.UUCP (Ed Clarke) writes: >From article <367@execu.UUCP>, by dewey@execu.UUCP (Dewey Henize): >> On the next area of consideration, who's gonna get hold of the bastard >> that caused this and beat the shit out of him? Having a daddy that's a > >That may not be necessary. Would you hire someone with the poor >judgement to deliberately screw with federal computers? Would you >give such a person a news feed? Assuming he beats the charges, he >may have a tough time finding work - even with his expensive CompSci >degree. > >Come to think of it, is ??? university liable for the damage one of >their students has done to the arpa net? Can they be sued to recover >the cost of the computer time used by the worm? Frankly, I hope that >this is not the case - but it's something to think about when this >persons resume comes across your desk. Fist off, I want to state that I have no bad feeling for the guy who created the virus, as we call it. This has been confirmed as an experiment by a computer student that "accidently" went crazy and spread. Not only that, but said individual also owned up to the fact that he did it. I think that if I was making the decision to hire someone, I would want someone as smart as that on my team. It's things like this which make us sit up and take notice that maybe everything is not as easy as we think. Furthermore, If this individual wanted to cause great damage to other machines it would have been done. The fact that he created an experiment that was non distructive and even cleaned up after itself shows true realization of the potential for distruction. In conclusion, it is not anyones place to begin making judgements prior to having all the facts in a case like this. Think about it! -- Robert M. Sklar - News Administrator @ CU-Denver UUCP: {whatever}!boulder!pikes!netnews CSN: netnews@pikes.Colorado.EDU BITNET: netnews@cudenver.BITNET ***** Ignore These Four Words *****
mtr@mace.cc.purdue.edu (Miek Rowan) (11/07/88)
In article <1636@pikes.Colorado.EDU>, netnews@pikes.Colorado.EDU (Robert Sklar) writes: > Fist off, I want to state that I have no bad feeling for the guy who created > the virus, as we call it. This has been confirmed as an experiment by a > computer student that "accidently" went crazy and spread. Not only that, Hang on. I saw it. It was meant to do exactly what it did. The only possible truth in what you said is that he wasn't finished with it yet. This kid knew exactly what he was doing, his code shows that. No - you can't write this off as an accident. It was intentional. Maybe he should get sentenced to 20 years of security work for the Goverment (at goverment wages :-) -- But by no means should we just say : "Be more careful next time." He cost the net A LOT of money. If you are looking to hire someone like this, think about it first. A school may not be held accountable, but a company would be a different story I imagine. > but said individual also owned up to the fact that he did it. I think that > if I was making the decision to hire someone, I would want someone as smart > as that on my team. It's things like this which make us sit up and take > notice that maybe everything is not as easy as we think. As smart and irresponsible you mean. When he messes something up to show you it could be done, and it takes you a number of man years to fix it, then what will you say? "But gee, he is so smart!" Get real. When you were in High School, did you break all the schools windows just because there was no police patrol after 12 midnight? This is the same thing. We have all found bugs in the BSD release (as well as others - more there in fact) but did we EXPLOIT THEM??? NO! Did we WASTE THOUSANDS OF NET HOURS??? NO! (now, don't get the wrong idea, I am *not* in favor of public executions) :-) mtr
ajdenner@athena.mit.edu (Alexander J Denner) (11/08/88)
In article <265@acheron.UUCP> clarke@acheron.UUCP (Ed Clarke) writes: >From article <367@execu.UUCP>, by dewey@execu.UUCP (Dewey Henize): >> On the next area of consideration, who's gonna get hold of the bastard >> that caused this and beat the shit out of him? Having a daddy that's a > >That may not be necessary. Would you hire someone with the poor >judgement to deliberately screw with federal computers? Would you >give such a person a news feed? Assuming he beats the charges, he >may have a tough time finding work - even with his expensive CompSci >degree. Yes!! He must be quite bright. I do not condone what he did, but he could have made things a whole lot worse if he had wanted to. Imagine killing files instead of just using CPU time. ----------------------------------------------------------------------------- Alexander J. Denner ajdenner@athena.mit.edu 234 Baker House, 362 Memorial Drive mit-eddie!mit-athena!ajdenner Cambridge, MA 02139 ajdenner%athena@mitmva.mit.edu
dtynan@sultra.UUCP (Der Tynan) (11/08/88)
In article <1636@pikes.Colorado.EDU>, netnews@pikes.Colorado.EDU (Robert Sklar) writes: > > [...] Not only that, > but said individual also owned up to the fact that he did it. I think that > if I was making the decision to hire someone, I would want someone as smart > as that on my team. It's things like this which make us sit up and take > notice that maybe everything is not as easy as we think. > > Robert M. Sklar - News Administrator @ CU-Denver First off, why didn't he own up when it could have made a difference. A lot of people lost a lot of sleep for fear that a) there may have been more to the worm than they had found, and b) that the thing may have a destructive bent. If he had admitted to it thursday or friday, and told people about the 'pleasequit' option, things mightn't have been so bad. Secondly, I spent an inordinate amount of time, while in college, discovering ways to get the OPERATOR password on a DecSystem-20. In the process, I discovered numerous ways of crashing the system. Want to guess how often I've used this invaluable knowledge since then? Of course it's valuable to know the different security holes in a system, but it's also a great help if you know that someone is screwing around with them beforehand. Unfortunately, however, I think you're right - the media will probably make a cult figure out of him -- The "child genius"-type story. I think they should make an example of him, otherwise other people will try for "fame and glory" as well, and where would that put us? - Der -- dtynan@Tynan.COM (Dermot Tynan @ Tynan Computers) {apple,mips,pyramid,uunet}!zorba.Tynan.COM!dtynan --- God invented alcohol to keep the Irish from taking over the planet ---
cuccia@chaos.UUCP (Nick Cuccia) (11/08/88)
In article <1636@pikes.Colorado.EDU> netnews@pikes.Colorado.EDU (Usenet News) writes: > Furthermore, If this individual wanted to cause great damage to other machines > it would have been done. The fact that he created an experiment that was > non distructive and even cleaned up after itself shows true realization of > the potential for distruction. Depends on what you want to call "non-destructive." If you're talking about the loss of files or corruption of data, then yeah, the worm was non- destructive. But if you consider the amount of time that thousands of people had to spend to deal with the worm (or, for non-Internet sites, the threat of the worm), add that to the amount of system downtime (interrupting ongoing experiments or calculations) in many computer centers, and then add that to the loss of connectivity that the worm has caused, and you start to accumulate serious bucks, not to mention inconvenience. And, in any case, the virus could've caused some serious damage, especially if it infected a machine doing sensitive real-time work; Stoll (in _Stalking the Wily Hacker_) remarked that at one point the hacker that was being tracked stumbled onto a machine doing real-time medical monitoring; care to imagine the same machine being infected by many copies of the "benign" virus that was seen this past week? I sure don't. > Robert M. Sklar - News Administrator @ CU-Denver --Nick =============================================================================== Nick Cuccia System Admin/Postmaster, Sybase sybase!cuccia@sun.com {mtxinu,sun,pyramid,pacbell}!sybase!cuccia Me? Speak for my company? You're kidding, right?
jlc@wucfua.wustl.edu (Roving UIUC CS Grad Student) (11/08/88)
In article <265@acheron.UUCP> clarke@acheron.UUCP (Ed Clarke) writes: >That may not be necessary. Would you hire someone with the poor >judgement to deliberately screw with federal computers? Me? No! But I'm not in the computer security business. He's probably already got a handful of lucrative job offers already, though, from those who are. If nothing else, I'll bet the NSA would be very interested. >Come to think of it, is ??? university liable for the damage one of >their students has done to the arpa net? Can they be sued to recover >the cost of the computer time used by the worm? Frankly, I hope that >this is not the case - but it's something to think about when this >persons resume comes across your desk. I sure doubt it. In fact, I'd be very surprised if the AUTHOR is liable for even the cost of computer time, much less the time spent tracking down the worm and stomping it. This isn't exactly a well-specified area of the law, and precedent is pretty thin. While we're at it, let's all let out a BIG sigh of relief that, for this first big worm, the author was clearly not malicious. If this had been a malicious worm (just a simple disk-eraser would be enough) think of the cost and the damage. We're all REAL lucky to have gotten a low-cost, high-visability warning of how vulnerable we all are. -------------------------------------------------------------------------- | John L. Coolidge Internet:jlc@wucfua.wustl.edu UUCP:jlc@wucfua.uucp | | "My other account is in Illinois" I just read news here... | | With the exception of included material: All above opinions are mine. | | Licensing terms available. Copyright (c) 1988 John L. Coolidge. Copying | | allowed if and only if attributed. All other rights reserved. | --------------------------------------------------------------------------
spaf@cs.purdue.edu (Gene Spafford) (11/08/88)
[I originally posted this in news.sysadmin (where this discussion should be), but it bears repeating here.] I've been seeing a lot of commentary from people claiming that we should be grateful that the worm (it is *not* a virus -- a virus includes itself in the code of other programs and only runs when they do; a worm is a independent entity) exposed some security problems for us. Some of those same people are claiming that Robert Morris, Jr. should not be prosecuted because he did us a favor, and it was somehow our fault for not fixing the problems sooner. That attitude is completely reprehensible! That is the exact same attitude that places the blame for a rape on the victim; I find it morally repugnant. Consider an analogy: Locks built in to the handle of a door are usually quite poor; deadbolts are a preferred lock, although they too are not always secure. These standard, non deadbolt locks can be opened in a few seconds with a screwdriver or a piece of plastic by someone with little training. Now, if you have such a lock on your door, and you wake up in the middle of the night to find that a stranger has broken into your home and is wandering about, bumping into things in the dark and breaking them, how do you react? Do you excuse him because the lock is easy to circumvent? Do you thank him because he has shown you how poor your locks are? Do you think *you* should be blamed because you never got around to replacing the lock with a better one and installing a burgler alarm? We have failed to imbue society with the understanding that computers contain property, and that they are a form of business location. If someone breaks our computers, they put us out of work. If someone steals our information, it is really theft -- not some prank gone awry. If someone broke into the NY Times and vandalized their printing presses, it would not be dismissed as the work of a bored college student, and even if it was the son of the editor, I doubt anyone would make a statement that "It will ultimately be a good thing -- we'll be forced to improve our security." We cannot depend on making our systems completely secure. To do so would require that we disconnect them from each other. There will always be bugs and flaws, but we try to cover that by creating a sense of responsibility and social mores that say that breaking and cracking are bad things to do. Now we have to demonstrate to the world that this is the case, and we will back it up with legal action, or we'll continue to risk having bored students and anti-social elements cracking whatever we replace the systems with until there is no longer any network. That is not a risk I want to deal with. -- Gene Spafford NSF/Purdue/U of Florida Software Engineering Research Center, Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-2004 Internet: spaf@cs.purdue.edu uucp: ...!{decwrl,gatech,ucbvax}!purdue!spaf
scs@itivax.UUCP (Steve C. Simmons) (11/08/88)
Re all the stuff on the virus writer as good guy vs bad guy: There was a recent fix posted to FTP that closed a hole. It went out on high priority via the same newsgroup as the first worm stompers. It cost me about $100 of my time to apply at ITI, and got near 100% coverage around Ann Arbor within two days. By comparison, the worm cost me 400 user-hours of downtime, and about 50 man-hours of hands-on work by various folks -- and we were never even infected. Both sets of holes were closed. But what a world of difference in how! -- Steve Simmons ...!umix!itivax!scs Industrial Technology Institute, Ann Arbor, MI. "You can't get here from here."
matthews@eleazar.dartmouth.edu (Jim Matthews) (11/08/88)
In article <2622@sultra.UUCP> dtynan@sultra.UUCP (Der Tynan) writes: >First off, why didn't he own up when it could have made a difference. A lot >of people lost a lot of sleep for fear that a) there may have been more to >the worm than they had found, and b) that the thing may have a destructive >bent. If he had admitted to it thursday or friday, and told people about the >'pleasequit' option, things mightn't have been so bad. From "Contagion Overpowers Creator", The Washington Post, 11/7/88 "Desperately working into the early hours of Thursday morning, Morris struggled to find a way to stop the virus's [sic] spread. 'But he was besieged by his own creation,' said Mark Friedell, an assistant professor of computer science at Harvard University who served as Morris' thesis adviser last year when he was a Harvard senior. 'His machines at Cornell were so badly clogged he couldn't get the message out.' Panicked, Morris called Andy Sudduth, systems manager at the Aiken Laboratory at Harvard where Morris had spent thousands of hours. He asked Sudduth to send urgent messages to a computer billboard, explaining how to defeat the virus [sic], according to Sudduth. 'The nets were like molasses,' Sudduth said yesterday. 'It took me more than an hour to get anything out at all.'" Jim Matthews Dartmouth Software Development
davis@maui.cs.ucla.edu (Bill Davis) (11/09/88)
Should Robert "wormer" Morris be punished? Should he be rewarded? Should we discourage others from this type of activity, or should we encourage them? What happens to Robert Morris will send a message to all. The message will either be: It is O.K. -or- It is not O.K. IF YOU FEEL THAT WHAT MR. MORRIS DID WAS O.K., THEN POST THE NAMES OF YOUR MACHINES TO THE NET AND ENCOURAGE EVERYONE TO BREAK INTO YOUR SYSTEMS! I don't think it was O.K., I think he should be punished, and I think that his being punished will discourage others from this type of activity in the future. And another thing! (for those that would like to hire Mr. Morris) He could have been working at YOUR company when this happened! LAW SUITS >> LAW SUITS >> LAW SUITS >> BANKRUPTCY FOR YOUR COMPANY! Bill Davis - UCLA Computer Science Department PHONE: (213) 825-9082 ARPA: davis@CS.UCLA.EDU UUCP: (ucbvax,rutgers)!ucla-cs!davis MAIL: 3531 Boelter Hall, Los Angeles, California 90024-1596
mhw@wittsend.LBP.HARRIS.COM (Michael H. Warfield) (11/09/88)
In article <265@acheron.UUCP> clarke@acheron.UUCP (Ed Clarke) writes: >That may not be necessary. Would you hire someone with the poor >judgement to deliberately screw with federal computers? Would you >give such a person a news feed? Assuming he beats the charges, he >may have a tough time finding work - even with his expensive CompSci >degree. Nice try but this guy will probably end up as another hacker turned security expert and may well list his exploits right on his resume. I got my position in R&D by cracking an "uncrackable" proprietary system (I guess they figured programing a non-programmable word processing system was a cute trick). I don't know what that says about the general level of ethics in the business we're all in but that the cards we're dealt. His biggest problem won't be getting a job. He could even write a book (remember "Out of the Inner Circle"? ). After a convincing conviction in Texas earlier this year, his biggest problem will be avoiding jail (He could still write the book). Certainly not condoning him although he sure could have done worse. This baby was a very effective worm. Anyone want to contemplate what would have been the result if the worm had had a virus core???????? --- Michael H. Warfield (The Mad Wizard) | gatech.edu!galbp!wittsend!mhw (404) 270-2123 / 270-2098 | mhw@wittsend.LBP.HARRIS.COM An optimist believes we live in the best of all possible worlds. A pessimist is sure of it!
rcj@moss.ATT.COM (11/09/88)
In article <5343@medusa.cs.purdue.edu> spaf@cs.purdue.edu (Gene Spafford) writes: }Consider an analogy: } }Locks built in to the handle of a door are usually quite poor; }deadbolts are a preferred lock, although they too are not always }secure. These standard, non deadbolt locks can be opened in a few }seconds with a screwdriver or a piece of plastic by someone with little }training. } }Now, if you have such a lock on your door, and you wake up in the }middle of the night to find that a stranger has broken into your home }and is wandering about, bumping into things in the dark and breaking }them, how do you react? Do you excuse him because the lock is easy to }circumvent? Do you thank him because he has shown you how poor your }locks are? Do you think *you* should be blamed because you never got }around to replacing the lock with a better one and installing a }burgler alarm? Dr. Analogy here -- this one doesn't wash, either, Spaf. It's better than most, though -- let's see if we can make it accurate. Add the fact that there are many people who have a key to the door of your house, that there are many people coming in, leaving, and wandering all over your house at all hours of the day and night. They aren't in your bedroom, because you have a super-good lock that only a few select people have keys to ;-) but they're everywhere else all the time. They're watching your TV, using your phones, reading your books, using your appliances, etc. In addition, you have a separate door that allows *anyone* in -- it isn't even locked! And there's an honor-system book exchange in the separate area of the house that it opens onto! NOW, are you going to be as upset if you find someone you don't know wandering around in your house in the middle of everyone else? Well, you're still going to be upset because his activities, while not damaging, have disrupted the entire household and brought all the other's activities to a standstill -- so much so that you have to empty the house while you deal with him. But it isn't nearly the fear, upset, and anger you would experience in the analogy you gave. }We have failed to imbue society with the understanding that computers }contain property, and that they are a form of business location. If }someone breaks our computers, they put us out of work. If someone }steals our information, it is really theft -- not some prank gone }awry. If someone broke into the NY Times and vandalized their printing }presses, it would not be dismissed as the work of a bored college }student, and even if it was the son of the editor, I doubt anyone would }make a statement that "It will ultimately be a good thing -- we'll be }forced to improve our security." This, I must admit is a very very valid viewpoint -- hadn't thought of it that way. Thanks. [Due to my rather flaming articles of recent, I feel compelled to clarify that this is NOT sarcasm!] I still take issue, though, Gene. My business location doesn't have people wandering around bumping into things because we have a security group and a lobby with guards. We don't shut ourselves off from the outside world, there are no fences, just security at the entrances. Bob Morris didn't come in through the window -- he came in through the door. }We cannot depend on making our systems completely secure. To do so }would require that we disconnect them from each other. There will }always be bugs and flaws, but we try to cover that by creating a sense }of responsibility and social mores that say that breaking and cracking }are bad things to do. Now we have to demonstrate to the world that "Computer Cracking -- Just Say No" You should get Nancy Reagan to help with your campaign -- look what she's done against drugs in the U.S. :-( I'm glad my bank doesn't have your attitude. Curtis Jackson -- att!moss!rcj 201-386-6409 "The cardinal rule of skydiving and ripcords: When in doubt, whip it out!"
brad@looking.UUCP (Brad Templeton) (11/10/88)
A nasty thing for a judge to do would be not to jail him for long, and instead bad him from working in the computer industry for some number of years. It would prove a powerful deterrent, as nobody could get rich as a consultant because of notoriety. Can they legally do this? -- Brad Templeton, Looking Glass Software Ltd. -- Waterloo, Ontario 519/884-7473
trn@warper.jhuapl.edu (Tony Nardo) (11/10/88)
In article <36111@clyde.ATT.COM> rcj@moss.UUCP (Curtis Jackson) writes: >...We don't shut ourselves off >from the outside world, there are no fences, just security at the >entrances. Bob Morris didn't come in through the window -- he came >in through the door. I can't speak for your house, but I know that *my* house does not have some unsuspected secret door leading in. If you mean to say that "sendmail" was the door, then the authors of "sendmail" should have to face a little fire of their own. They made at least one key to that door and left it sitting around -- WITHOUT openly telling the world that they had done so! ============================================================================== ARPA: trn%warper@aplvax.jhuapl.edu OR nardo%str.decnet@capsrv.jhuapl.edu BITNET: trn@warper.jhuapl.edu UUCP: {backbone!}mimsy!aplcomm!warper!trn 50% of my opinions are claimed by various federal, state and local governments. The other 50% are mine to dispense with as I see fit. ==============================================================================
wbt@cbnews.ATT.COM (William B. Thacker) (11/10/88)
In article <36111@clyde.ATT.COM> rcj@moss.UUCP (Curtis Jackson) writes: >In article <5343@medusa.cs.purdue.edu> spaf@cs.purdue.edu (Gene Spafford) writes: >}Consider an analogy: >} >}Locks built in to the handle of a door are usually quite poor; >}deadbolts are a preferred lock, although they too are not always >}secure. These standard, non deadbolt locks can be opened in a few >}seconds with a screwdriver or a piece of plastic by someone with little >}training. >} >}Now, if you have such a lock on your door, and you wake up in the >}middle of the night to find that a stranger has broken into your home >}and is wandering about, bumping into things in the dark and breaking >}them, how do you react? Do you excuse him because the lock is easy to >}circumvent? Do you thank him because he has shown you how poor your >}locks are? Do you think *you* should be blamed because you never got >}around to replacing the lock with a better one and installing a >}burgler alarm? > >Dr. Analogy here -- this one doesn't wash, either, Spaf. >It's better than most, though -- let's see if we can make it accurate. >Add the fact that there are many people who have a key to the door of >your house, that there are many people coming in, leaving, and wandering >all over your house at all hours of the day and night. They aren't in >your bedroom, because you have a super-good lock that only a few select >people have keys to ;-) but they're everywhere else all the time. >They're watching your TV, using your phones, reading your books, using >your appliances, etc. > >In addition, you have a separate door that allows *anyone* in -- it >isn't even locked! And there's an honor-system book exchange in the >separate area of the house that it opens onto! > >NOW, are you going to be as upset if you find someone you don't know >wandering around in your house in the middle of everyone else? Well, Well, while we're bashing analogies... yours is even further off the mark, Curtis. Consider that those many people with keys to your door are all your close friends, who you know you can trust; and that they contributed many of those books in your exchange. When your TV breaks down, one of them fixes it. You don't just give a key to anyone. Now, the door to your book exchange isn't locked; its hidden behind a secret panel. Maybe *you* didn't even know it was there. Certainly, it's impossible for 90% of the population to find. Finally, some stranger goes to school for four years, studying architecture. He gets the blueprints for your house and studies them, too, until he finally discovers that secret door. Instead of sending you a letter describing the door and advising you lock it, he decides for something a bit "showier". Thus, the next morning, you wake up to find strange, muddy bootprints all over your house, and all the rooms are filled to the ceiling with styrofoam peanuts. Sure, it only takes you a day or so to clean the place up, and he could have done more, but... In a related matter : What ever happened to Captain Midnight, the gentleman who commandeered HBO's satellite a few years ago ? I seem to recall that he was caught, but I don't know what happened after that. Seems to be rather an analogous case. ------------------------------ valuable coupon ------------------------------- Bill Thacker att!cbnews!wbt "C" combines the power of assembly language with the flexibility of assembly language. Disclaimer: Farg 'em if they can't take a joke ! ------------------------------- clip and save --------------------------------
pjh@mccc.UUCP (Pete Holsberg) (11/13/88)
My wife came up with the ultimate in penalties for RTM. Sentence him to two hours of data entry per day, five days a week, two semesters. -- Pete Holsberg UUCP: {...!rutgers!}princeton!mccc!pjh Mercer College CompuServe: 70240,334 1200 Old Trenton Road GEnie: PJHOLSBERG Trenton, NJ 08690 Voice: 1-609-586-4800
news@ivucsb.UUCP (Todd Day) (11/13/88)
In article <1872@sybase.sybase.com> cuccia@chaos.UUCP (Nick Cuccia) writes:
_And, in any case, the virus could've caused some serious damage, especially
_if it infected a machine doing sensitive real-time work; Stoll (in _Stalking
_the Wily Hacker_) remarked that at one point the hacker that was being tracked
_stumbled onto a machine doing real-time medical monitoring; care to imagine
_the same machine being infected by many copies of the "benign" virus that
_was seen this past week? I sure don't.
Why would a computer doing real-time medical monitoring be hooked up
to the network? If this computer was doing life/death data gathering
and controlling, then I would consider the administrators to be grossly
negligent. I find it incredible that this sort of thing could happen
at all. It sounds like WARGAMES!
If a computer has to do anything *important* or has to be highly secure,
why even hook it up to the outside world in the first place?
breck@aimt.uu.net (Robert Breckinridge Beatie) (11/19/88)
In article <1636@pikes.Colorado.EDU>, netnews@pikes.Colorado.EDU (Robert Sklar) writes: > Fist off, I want to state that I have no bad feeling for the guy who created > the virus, as we call it. This has been confirmed as an experiment by a > computer student that "accidently" went crazy and spread. Not only that, > but said individual also owned up to the fact that he did it. > ... OK, first of all, did he actually own up to it? I thought that friends of his came forward and told the authorities (and the press) about him. I never heard that he came forward and accepted responsibility for his actions. I'd be feeling a lot more charitable towards him if upon realizing his mistake he had come forward to help clean up the mess he had caused. But he didn't make any attempt to help eliminate the problem he caused. > ... The fact that he created an experiment that was > non distructive and even cleaned up after itself shows true realization of > the potential for distruction. Well, doesn't that depend on why he had it "clean up after itself"? I mean if the only reason that it cleaned up was so people would be less likely to find the new files sitting around or less likely to find some information that might potentially lead back to him then his motives are less than commendable. If a burglar broke into your home and lifted your jewels and then spent 10 minutes wiping his finger prints off your safe, or picking up the tools he used to break in to your home would you commend him for his tidyness? Frankly the fact that he ran his little jewel of the programmers art on a system with connections to the outside world, demonstrates an almost complete disregard for the people he shares the internet with. If he was aware of the potential for disaster (and he must have been) and he was just attempting an experiment, then he should never have run his worm on a machine that was connected to the internet until he was sure that it was debugged and containable. > In conclusion, it is not anyones place to begin making judgements prior to > having all the facts in a case like this. Think about it! And of course, it's pretty hard to disagree with that. -- Breck Beatie (408)748-8649 {uunet,ames!coherent}!aimt!breck OR breck@aimt.uu.net "Sloppy as hell Little Father. You've embarassed me no end."