Newsgroups: news.sysadmin
Path: utzoo!utgpu!tmsoft!mason
Subject: Re: Possible Fines for Virus Perpetrator
Message-ID: <1988Nov9.033444.20788@tmsoft.uucp>
Followup-To: news.sysadmin
Summary: ambiguous (but I think apropos) comments + RT?F?M
Reply-To: mason@tmsoft.UUCP (Dave Mason)
Organization: TM Software Associates, Toronto
References: <456@l5comp.UUCP> <12081@dscatl.UUCP> <16600@agate.BERKELEY.EDU>
Distribution: na
Date: Wed, 9 Nov 88 03:34:44 GMT

In article <16600@agate.BERKELEY.EDU> weemba@garnet.berkeley.edu (Obnoxious Math Grad Student) writes:
>In article <12081@dscatl.UUCP>, lindsay@dscatl (Lindsay Cleveland) writes:
>>>		  So, it was Robert T. Morris Jr., was it?
>There are thousands of computers out there extremely vulnerable to attack.
>Instead of wailing on about class-action suits to recover "damages", all
>these sites that just maybe have woken up and plan to actually take secur-
>ity seriously should pay RTM in moneys saved from the potential *BILLIONS*
Hmmmm.....................^^^

I wonder if Mr. Morris really has a second middle name, like Fred :-)

Just to add a little content to this posting, I think spaf & weemba are
both right (did I hear 2 simultaneous gagging sounds? :-).

Yes this particular episode was expensive, yes our modern society (and its
logical extension, the net) lives by a set of morals and standards, and yes
we should enforce laws to make people realize that computer innards are REAL
ASSETS, just like BMW's and Lalique Crystal, and yes a lot of these problems
were known.....BUT

There are either:
a) a lot of sysadmins out there who don't think there's much point in taking
REASONABLE security precautions, like making sure that trusted programs like
mailers don't have wide-open DEBUG modes installed on production machines
-or-
b) a lot of sysadmins whose bosses don't think there's much point ....
and therefore have the sysadmins spend time & effort elsewhere.
-plus, of course-
c) sysadmins who haven't had the time/training to realize there are security
holes that need plugging.

I claim that this episode has helped (or at least should help) all 3 groups
to see the potential dangers and hopefully people will respond in a
positive way and work to plug OBVIOUS, WELL-KNOWN holes like this. 

Someone should apply to NSF or ARPA for an ongoing grant to produce a set of
worms/viruses every year or so that would go out into the net, nose around,
and finally send mail back home & to root on the machines affected warning
about holes it has managed to wriggle into....if I were running a military
network (even a wide-open-friendly military *research* network), I'd certainly
do something like that.

Just to put in some perspective on Gene's analogy of people using simple
locks on their front doors (and how you'd probably not appreciate people
breaking in to show you how lax the security was), consider another analogy
(which I should point out is not necessarily MORE accurate):

If you left your BMW 7xx sitting unlocked on the street in front of your house,
and some neighbourhood kid started playing in it, slamming the doors, got a
little mud on the seats, you'd be pretty ticked off, and you'd probably start
locking the car, even though it's a little less convenient.  This would
doubtless irritate you...at least until your next-door neighbour's unlocked
Caddy is ripped off by an amateur car theft ring.

Just some ambiguous thoughts on recent events.
	../Dave
