dtynan@sultra.UUCP (Der Tynan) (11/08/88)
In retrospect, from someone who wasn't affected (directly) by the recent worm, I think the repercussions will be far-reaching, and painful for everyone. I have to disagree with Weemba's comments about how Morris has done us a favor (It's not the first time I've disagreed with him - his position is usually contrary to my own). In the first place, mail (and news) is backed up all over the place. I think it will be that way for some time. I am predicting that a lot of 'anonymous' ftp sites will disappear. More companies will follow the AT&T example, and stop forwarding mail. Others will drop USENET completely. It is one thing to say that the danger has passed, but when one looks at the general public's view of other 'virii', a lot of people tend to be irrational. They will view the security breech as being caught 'with their pants down'. All one has to do is look at the way the press is handling the whole affair. The headlines read 'Defense computers compromised'. They would have you believe that we were seconds away from World War III (shades of 'War Games'?). The popular press has long been enamoured with the 'Hacker' (their words not mine). They will probably make Mr. Morris 'Crown Prince of Hackers'. As a reference, consider such luminaries as John Lennon's killer (I refuse to give his name), who did it purely for the glory (?). If we could increase the overall network security, without compromising its effectiveness, then perhaps Morris' attack would be beneficial. As it is, the only difference it will bring about, is a stricter network. Not necessarily a better or more secure network, but one in which the flow of data is more controlled. It is clear that there are a lot more bugs which could be exploited, to produce even worse effects. How will these be discovered? Hopefully, through dissemination and education. I, for one, was not aware that sendmail had that bug (and I certainly don't blame the fiasco on the person who left the 'debug' option in-place). Had the circumstances been different, I would not have been pleased to find out 'the hard way'. In general, a lot of people will be asking their System Adminis- trators, how this could happen, and what has been done to prevent a reoccurance. In all honesty, without devoting many man-years to finding the rest of the bugs, nothing short of 'pulling the plug' will suffice. In many cases, this will indeed be the result. All in all, my goal of working at home, just took three steps backward, and the process of linking many machines across the planet, with the concept of 'shared information' has probably been pushed back irretrievably. As for Morris' defense, that he didn't expect the program to swamp the machines I claim that this is no defense. Consider, that if his program HAD WORKED AS HE WANTED IT TO, no-one would be the wiser, right now. What's more, the next generation of his worm, could transfer the source, when on a machine besides a VAX or Sun. In which case, by the time anyone actually discovered the worm, *every* system on the Internet would be contaminated. Not to mention the UUCP network. Before this gets totally out of hand in terms of public perception, we need to address the underlying mechanism that lets this happen. I say, "send him to the salt mines", and we won't have to worry about someone trying it again... - Der -- dtynan@Tynan.COM (Dermot Tynan @ Tynan Computers) {apple,mips,pyramid,uunet}!zorba.Tynan.COM!dtynan --- God invented alcohol to keep the Irish from taking over the planet ---