Worms and Paranoia


Der Tynan (voder!pyramid!prls!mips!sultra!dtynan@ucbvax.Berkeley.EDU)
8 Nov 88 03:44:30 GMT


In retrospect, from someone who wasn't affected (directly) by the recent worm,
I think the repercussions will be far-reaching, and painful for everyone.
I have to disagree with Weemba's comments about how Morris has done us a
favor (It's not the first time I've disagreed with him - his position is
usually contrary to my own). In the first place, mail (and news) is backed
up all over the place. I think it will be that way for some time. I am
predicting that a lot of 'anonymous' ftp sites will disappear. More companies
will follow the AT&T example, and stop forwarding mail. Others will drop
USENET completely. It is one thing to say that the danger has passed, but
when one looks at the general public's view of other 'virii', a lot of
people tend to be irrational. They will view the security breech as being
caught 'with their pants down'. All one has to do is look at the way the
press is handling the whole affair. The headlines read 'Defense computers
compromised'. They would have you believe that we were seconds away from
World War III (shades of 'War Games'?). The popular press has long been
enamoured with the 'Hacker' (their words not mine). They will probably make
Mr. Morris 'Crown Prince of Hackers'. As a reference, consider such
luminaries as John Lennon's killer (I refuse to give his name), who did it
purely for the glory (?). If we could increase the overall network security,
without compromising its effectiveness, then perhaps Morris' attack would be
beneficial. As it is, the only difference it will bring about, is a stricter
network. Not necessarily a better or more secure network, but one in which
the flow of data is more controlled. It is clear that there are a lot more
bugs which could be exploited, to produce even worse effects. How will these
be discovered? Hopefully, through dissemination and education. I, for one,
was not aware that sendmail had that bug (and I certainly don't blame the
fiasco on the person who left the 'debug' option in-place). Had the
circumstances been different, I would not have been pleased to find out 'the
hard way'. In general, a lot of people will be asking their System Adminis-
trators, how this could happen, and what has been done to prevent a
reoccurance. In all honesty, without devoting many man-years to finding the
rest of the bugs, nothing short of 'pulling the plug' will suffice. In many
cases, this will indeed be the result. All in all, my goal of working at
home, just took three steps backward, and the process of linking many machines
across the planet, with the concept of 'shared information' has probably
been pushed back irretrievably.
As for Morris' defense, that he didn't expect the program to swamp the machines
I claim that this is no defense. Consider, that if his program HAD WORKED AS
HE WANTED IT TO, no-one would be the wiser, right now. What's more, the next
generation of his worm, could transfer the source, when on a machine besides
a VAX or Sun. In which case, by the time anyone actually discovered the worm,
*every* system on the Internet would be contaminated. Not to mention the
UUCP network. Before this gets totally out of hand in terms of public
perception, we need to address the underlying mechanism that lets this happen.
I say, "send him to the salt mines", and we won't have to worry about someone
trying it again...
                                                - Der

--
	dtynan@Tynan.COM  (Dermot Tynan	@ Tynan	Computers)
	{apple,mips,pyramid,uunet}!zorba.Tynan.COM!dtynan

--- God invented alcohol to keep the Irish from taking over the planet ---



This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:44:29 GMT