Re: Crackers and Worms

Andy Nicholson (mcrware!
7 Nov 88 20:16:30 GMT

Just a note regarding the recent illness of the internet, etc. I am sure
that the perpetrator will be found and almost certainly punished in some
way. But I for one thank the guy. Fred Cohen and others have been telling
people this could happen for a long time. Now somebody actually did it, in
a fairly benign manner. The New York Times article on Saturday implied that
the worm was not supposed to make itself so apparent, but bugs will happen!

Perhaps the plan was not to make such a mess as to force everyone to clean
up the problem, but to simply "mole" into as many systems as possible. At
some later date the perpetrator could then start pointing fingers. Upon the
inevitable denials, that person could then say "Look for file XXXXXX and
process XXXX on your system, and then tell me you did not get infected".

You just can't convince some people that something is possible until it is
too late. I have seen some postings on the net about "Other people know
how to do this too, but we are too polite to do it". Well, that is not
sufficient. If you know it can happen, why was this gaping hole left in?
Lucky for us it was a reasonably responsible person who did this instead of
a juvenile "cracker" who thought "Oh boy, wouldn't it be neat to crash
every machine on the internet and delete all their files." Obviously things
could have been a lot worse. The fact that these holes were left in and not
fixed is a problem. Those who were aware of the problem and did not do
anything about it are just as guilty as the person who did.

If these holes had been fixed in the first place, maybe nothing would have
happened. Maybe next time someone discovers a security hole, they will fix
it instead of being polite and not exploit it. If you haven't got the time,
then at least post it and maybe someone else will have or make time enough
for fixing security problems.

I'll bet the KGB are laughing their asses off.

Andy Nicholson
Microware Systems uunet!mcrware!droid
These are my opinions, the company policy manual says so.
