pda@stiatl.UUCP (Paul Anderson) (11/09/88)
This is a call for votes on whether netters feel that:
yes) the recent worm was a service and the fellow should
at least be left to die in peace (...if not thanked).
no) did us a great disservice and should be prosecuted to
the fullest extent of the law.
Send your votes to: {your favorite major node}!gatech!stiatl!gpb
Set the subject line to 'yes' or 'no'.
An automatic vote counter will be run to process and tabulate
entries. You will receive a return receipt indicating your
message arrival. Votes with an invalid subject line will
be returned with a message to that effect. You may only
vote once.
The ballot will be terminated on 11/15/88 (tuesday). You
will not have to wait 2 hours to vote, so do so...
The results will be posted in news.admin within a couple
of days of the end of the count.
paul
--
Paul Anderson gatech!stiatl!pda (404) 841-4000
X isn't just an adventure, X is a way of life...woods@ncar.ucar.edu (Greg Woods) (11/10/88)
In article <1303@stiatl.UUCP> pda@stiatl.UUCP (Paul Anderson) writes: > >yes) the recent worm was a service and the fellow should > at least be left to die in peace (...if not thanked). > >no) did us a great disservice and should be prosecuted to > the fullest extent of the law. What if you happen to think these two choices are not mutually exclusive? In a way, of course, the worm *was* a service. I for one was NOT aware of the security hole in sendmail, despite the fact that my official job here is maintaining the mail system here which is largely based on that program. Nor is it likely that the FTP security hole would have been revealed to the net as quickly and fixed as quickly had it not been for the "incident" last week. So, at least indirectly, we benefitted from the worm. I also now want to be on the security mailing list(s); I never would have felt that way before. And, also on the plus side, it is clear that no PERMANENT damage was done although it easily could have been. On the other hand, we simply can't ignore the fact that this worm was clearly designed to do what it did; I just don't buy any claims that it was an "accident". It had a number of different penetration methods, one looking to quickly infect hosts on a local network, and another looking for remote networks to spread to. It WASN'T an accident, it was cleverly designed; and we simply can't let it go unpunished, or the next "brilliant" college student that finds a security hole will be tempted to do the same thing. I also do not believe that leaving my back window unlocked is justification for stealing my stereo (stupid though it might be on my part). There ARE other ways of publicizing the existence of security holes without actually exploiting them at GREAT hassle and expense to the entire net. If my neighbor notices that I've left my window unlocked, he doesn't have to break into my house to show that to me. I for one have NEVER heard about any of the security holes used by the worm. If I had, and if I had had fixes, I would certainly have closed them (especially the one in the mail system :-) In conclusion, I think that (if found guilty) Morris should be punished. And not just a slap on the wrist. On the other hand there ARE mitigating circumstances; in this case, the lack of any actual damage to the data on the infected systems (which was also clearly intentional). --Greg
henry@utzoo.uucp (Henry Spencer) (11/11/88)
In article <1303@stiatl.UUCP> pda@stiatl.UUCP (Paul Anderson) writes: >yes) the recent worm was a service and the fellow should > at least be left to die in peace (...if not thanked). > >no) did us a great disservice and should be prosecuted to > the fullest extent of the law. You forgot to specify how to vote "a little of both) the worm did the net a service, but its perpetrator should nevertheless be prosecuted". -- Sendmail is a bug, | Henry Spencer at U of Toronto Zoology not a feature. | uunet!attcan!utzoo!henry henry@zoo.toronto.edu
wright@hsi.UUCP (Gary Wright) (11/11/88)
In article <1330@stiatl.UUCP> pda@stiatl.UUCP (Paul Anderson) writes: >This is a call for votes on whether netters feel that: > >yes) the recent worm was a service and the fellow should > at least be left to die in peace (...if not thanked). > >no) did us a great disservice and should be prosecuted to > the fullest extent of the law. > I think you missed (at least) two other possibilities: 1) the recent worm was a service *and* the fellow should be prosecuted to the fullest extent of the law. 2) the recent worm did us a great disservice *and* the fellow should at least be left to die in peace. Other possibilities depend on the level of service you think was provided by the worm, what kind of damage was caused by the worm, and the punishment that should result. Personally, I think that it was good that these security flaws were pointed out, but that is no excuse for the time and money that was wasted. Others have said that there were better ways to go about publicizing the security flaws, I agree. I also wonder what the real intentions were. According to reports I have read, the worm was not supposed to be detected. Ok, so he successfully, quietly, penetrates 6,000 computers. Then what? What would have been his next experiment? Even if he had no malicious intent, who is to say that his next experiment would not have had a more serious, damaging flaw? -- Gary Wright ...!uunet!hsi!wright Health Systems International wright@hsi.uu.net
jal3495@ultb.UUCP (Jeff Leyser) (11/11/88)
In post <1303@stiatl.UUCP>, pda@stiatl.UUCP (Paul Anderson) says:
!yes) the recent worm was a service and the fellow should
! at least be left to die in peace (...if not thanked).
!
!no) did us a great disservice and should be prosecuted to
! the fullest extent of the law.
!Paul Anderson gatech!stiatl!pda (404) 841-4000
Dammit! I am so sick of this I am at last going to speak up.
The above options are NOT the only two alternatives!! As is usual
on the net, the issue has been polarized by several net.gods and (for
lack of a better term) net.anti-gods. And, as usual, everyone is
rushing to join up with one side or the other.
Here is a news flash for ya, folks. What RTM did is A Bad Thing. And
the inaction on the part of those who knew about the sendmail bug is
also a Bad Thing. How about a vote choice for 'he did us a great
SERVICE, and for that we should be glad, but AT THE SAME TIME, he went
about it all wrong, and for that he should be PUNISHED!
But there is a larger issue here, net.folks. The world is NOT black and
white!!!! Stop trying to deal with it that way! Think for yourselves,
don't just line up with Gene (who I respect) because he is an outspoken
net.god, and don't just line up with weemba (who I respect)
because he is an outspoken net.anti-god. Time and time again I have
seen the net become polarized by emotion, and retorhic, and time and
time again I have kept my mouth shut and fingers by my side, but not
this time. This time the issue goes well belong our little net.cottage,
and extends to the fullest reaches of the media. *Everyone* is talking
about this thing, and if we let ourselves be polarized into inaction, we
are doomed.
--
Jeff Leyser, Professional Student {WCS}!rochester!ritcv!ultb!jal3495
a[b] == b[a] -- The Ultimate in Job Security
I can't have opinions, I didn't pay my opinion fee this term.root@libove.UUCP (Jay M. Libove) (11/13/88)
From article <1330@stiatl.UUCP>, by pda@stiatl.UUCP (Paul Anderson): > This is a call for votes on whether netters feel that: > > yes) the recent worm was a service and the fellow should > at least be left to die in peace (...if not thanked). > > no) did us a great disservice and should be prosecuted to > the fullest extent of the law. > > -- > Paul Anderson gatech!stiatl!pda (404) 841-4000 > X isn't just an adventure, X is a way of life... I think that the options in this vote are inadequate, or at least that they imply that "I believe that his actions performed a service" means "I don't think they should string him up" and that "it wasn't a service" means "He should be strung up". Please restate this vote, tossing all previous entries, and ask in this form: yes) it was a service, regardless of what happens to him. no) it was not a service, regardless of what happens to him. or else perhaps yes) he should be strung up, regardless of whether it was a service no) he should not be strung up, regardless of whether it was a service Otherwise I feel that peoples' votes will not be representative of their opinions on these TWO different issues. -- Jay Libove ARPA: jl42@andrew.cmu.edu or libove@cs.cmu.edu 5731 Centre Ave, Apt 3 BITnet: jl42@andrew or jl42@drycas Pittsburgh, PA 15206 UUCP: uunet!nfsun!libove!libove or (412) 362-8983 UUCP: psuvax1!pitt!darth!libove!libove
hb@boole.acc.Virginia.EDU (Hank Bovis) (11/16/88)
In article <188@ultb.UUCP> jal3495@ultb.UUCP (Jeff Leyser) writes:
#Dammit! I am so sick of this I am at last going to speak up.
#[...]
#The above options are NOT the only two alternatives!! [...]
#How about a vote choice for 'he did us a great
#SERVICE, and for that we should be glad, but AT THE SAME TIME, he went
#about it all wrong, and for that he should be PUNISHED!
#[...]
#The world is NOT black and white!!!!
#Stop trying to deal with it that way! Think for yourselves,
#don't just line up with Gene (who I respect) because he is an outspoken
#net.god, and don't just line up with weemba (who I respect)
#because he is an outspoken net.anti-god.
This is one the best articles I have read in any group on the net
in the brief time I've been reading here. I "line up" with every word
of the above.
And seriously, I think there should be a vote taken that includes this
choice or some other middle ground... it would be nice to know how many
middle-of-the-road, reasonable folks there are lurking out there...
#Jeff Leyser, Professional Student {WCS}!rochester!ritcv!ultb!jal3495
Hank Bovis
hb@virginia.eduyba@arrow.bellcore.com (Mark Levine) (11/17/88)
[on lining up behind every word] It seems that news.admin is not a group where votes need to be taken on anything. I did send e-mail to the fellow who felt it was a good idea to call for yet another poll pretty close to election day and asked him, politely, to go away, largely because it was not a black- and-white question. I meant no disrespect, but really, this poll is not an issue that needs to be brought to the attention of admins (perhaps the virus is, but your opinions of it is not) nor is it a new news group that needs a net.vote. If you won't take it away, at least please take it somewhere appropriate. [And please don't call for a vote on where is appropriate in news.admin -- it is getting hard enough to get the wheat from the chaff in here; if admins start unsubscribing because of the signal to noise ratio, you have defeated the purpose of the group). Eleazor bar Shimon, once and future Carolingian yba@sabre.bellcore.com