Mike Marshall (firstname.lastname@example.org)
8 Nov 88 16:03:29 GMT
Dave Emberson (email@example.com) points out how anti-social and ir-
responsible Robert Morris was to unleash the worm, and is upset
that Mr. Morris is being glorified at the expense of the net (in
the form of hundreds of man hours put in by worm eradicators). I
understand the point Mr. Emberson is making, but I want to ask
him... if HE has known about this hole for four years - why
didn't he do something about getting the word out? What has Mr.
Emberson done to help me close the hole? Nothing. Mr. Morris has
seen to it that the sendmail hole, and several others, are mostly
fixed across the whole network. I wonder how many man hours of
work it would have taken to fix sendmail, finger and the ftp bug
(that wasn't part of the worm, but has come to light, I believe,
because of the worm), network wide, under any other circumstances
anyone cares to imagine?
I wish the network only had people as trustworthy as me on it :-),
but you know that there are people out there who will take advant-
age of any security hole they find... our only hope is to know
about those holes & close them.
So, I don't want to applaud Mr. Morris for his poor judgement in
unleashing the worm, but I'm glad the holes are fixed now (no
thanks to you Mr. Emberson!).
-Mike Marshall firstname.lastname@example.org ...!hubcap!hubcap
DISCLAIMER: If Mr. Emberson has spent the last four years trying
to get everyone he knows to turn off "debug" on their send-
mails... my apologies to him. It just seems to me that the worm
issue points out once again that "security through obscurity" is
no security at all.
This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:44:29 GMT