[comp.protocols.tcp-ip] VIRUS discussion quenched?

Ralph.Hyre@IUS3.IUS.CS.CMU.EDU (11/06/88)

Read a disturbing report in the Sunday paper (Pittsburgh Press, pA16),
attributed to 'Press news services; LA Times, distributed by LA 
Times-Washington Post News Service':

"Most of the program has been deciphered, but the computer scientists said 
they were no longer allowed to discuss the virus because of a Pentagon
directive."

I find this disturbing.  Was a 'gag order' really issued?  By whom?
To what parties?
					- Ralph W. Hyre, Jr.
Internet: ralphw@ius3.cs.cmu.edu    Phone:(412) CMU-BUGS
Amateur Packet Radio: N3FGW@W2XO, or c/o W3VC, CMU Radio Club, Pittsburgh, PA
"You can do what you want with my computer, but leave me alone!8-)"

bostic@OKEEFFE.BERKELEY.EDU (Keith Bostic) (11/06/88)

> "Most of the program has been deciphered, but the computer scientists said 
> they were no longer allowed to discuss the virus because of a Pentagon
> directive."

I have no knowledge of this, and the government portion of the Internet
is quite aware that we have decompiled source.  They have requested a
copy but, again, to my knowledge, have made no further requests.

The Berkeley postings to this mailing list and to USENET have reported,
in extensive detail, EVERYTHING that is interesting about this worm.  I
don't believe there is anything to be gained by copies of the source being
readily available.

--keith

phil@BRL.MIL (Phil Dykstra) (11/11/88)

> Read a disturbing report in the Sunday paper (Pittsburgh Press, pA16),
> attributed to 'Press news services; LA Times, ....
> ..., was a 'gag order' really issued?  By whom?
> To what parties?

Funny that this came out on Sunday.  Last Friday morning 4 November,
Mike Muuss at BRL was called (at home!) by the LA Times.  I had also
been given local approval to talk to the Baltimore Sun when we learned
that "all inquiries by the press to DoD employees were to be directed
to the Media Desk, DoD."  So, that's what we started doing.  You can't
blame them for being concerned about what was said early on.  I have not
checked to see if this directive is still in effect, but we did turn down
another LA Times reporter this Tuesday.

This past weekend, we finished pulling all of the routines that Berkeley
and MIT had not yet done (at least last we saw) back to source code.  We
can now second remarks made on this list with complete confidence, that:

1) The *only* methods of penetration used by the worm were the sendmail
   debug option, and the fingerd daemon.  It would try to exploit rsh, but
   not by using any hidden bugs, just by trying for "open" systems.  If it
   succeeded in breaking any local passwords it would then try "rexec" to
   login with that user and password.

2) It did no writes whatsoever except to its own temp files, so you need
   not be concerned about it corrupting anything on your machine.

3) All requests for source code will be ignored.

It was to the Internet's credit how rapidly everyone figured out and stopped
this worm.  The work by Berkeley and MIT is particularly noteworthy.
Since I have not asked the individuals I won't mention any names, but I
would like to thank the people that we worked around the clock with at:
Berkeley, Naval Academy, Harvard, Seismo, Argonne, Pentagon, and the MILNET
Monitoring Center.

- Phil
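Point 1) of Phil's post says the worm's rsh attempts relied on "open" systems rather than any hidden bug, i.e. hosts whose trust files already granted remote access. The audit below is an added example written for this thread, not code from any of the posters or from the worm analyses they mention. It checks BSD-style `/etc/hosts.equiv` and `~/.rhosts` files (one "host [user]" entry per line, `+` as a wildcard, `#` starting a comment) for wildcard entries that make a host "open" in that sense; the sample file contents are constructed for illustration.

```python
"""Audit rsh/rlogin trust files for wildcard ("open") entries.

Added example, not part of the original thread.  The hosts.equiv / .rhosts
syntax assumed here is the standard BSD one: one "host [user]" pair per
line, '+' meaning "any", '#' starting a comment.  SAMPLE_FILES below is
constructed data, not taken from any real system.
"""

from dataclasses import dataclass


@dataclass
class Finding:
    path: str
    lineno: int
    line: str
    reason: str


def audit_trust_file(path: str, content: str) -> list[Finding]:
    """Return one Finding per wildcard grant found in a trust file's text."""
    findings: list[Finding] = []
    for lineno, raw in enumerate(content.splitlines(), start=1):
        # Strip trailing comments and skip blank lines.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        if host == "+":
            findings.append(Finding(path, lineno, raw, "any host is trusted"))
        if user == "+":
            findings.append(Finding(path, lineno, raw, "any remote user is trusted"))
    return findings


def audit_many(files: dict[str, str]) -> list[Finding]:
    """Audit a mapping of file path -> file text and collect all findings."""
    out: list[Finding] = []
    for path, content in files.items():
        out.extend(audit_trust_file(path, content))
    return out


# Constructed sample trust files: one clean file, one with a host wildcard,
# one with the fully open "+ +" entry.
SAMPLE_FILES = {
    "/etc/hosts.equiv": "# trusted hosts\nmailhost\n+\n",
    "/home/alice/.rhosts": "workstation alice\n+ +\n",
    "/home/bob/.rhosts": "# nothing granted here\n",
}

if __name__ == "__main__":
    for f in audit_many(SAMPLE_FILES):
        print(f"{f.path}:{f.lineno}: {f.reason}: {f.line!r}")
```

On a real host the same function can be fed the contents of `/etc/hosts.equiv` and every user's `.rhosts`; a single `+` host entry, or a `+ +` line, is the configuration that turns an rsh "try" into a login without any password or software bug.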