Re: Crackers and Worms


Andy Nicholson (mcrware!droid@uunet.uu.net)
9 Nov 88 16:59:53 GMT


In article <In article <76559@sun.uucp>, khb%chiba@Sun.COM (Keith Bierman - Sun Tactical Engineering) writes:
> I know how to get drunk and drive a truck right through a schoolyard.
> This would serve to demonstrate why we shouldn't serve such beverages,
> and why schools should be protected with huge fences (concrete) and
> armed guards.
>
> Of course not everyone wants to live that way.
>
> Note that only universities and research instuitions got infected.
> "real" companies have armed guards patrolling the net. This costs $$
>
> This infestation will result in more public hysteria, and will raise
> the cost of maintaining the net. Arbitrary levels of security are
> possible, but do we wish to bear the costs ?
>
> People who unleash viruses should be shot, or otherwise done away with.
>
I see my points were misunderstood.

1) It could have been worse
2) This was an attack made possible by glaring BUGS in system security
3) BUGS should be fixed when discovered
4) I do not in any way condone or support the irresponsible or destructive
        acts of others

In regards to the drunk driving analogy, tell me this:
Do you stand idly by while situations exist to allow less socially responsible
persons than yourself to engage in irresponsible behaviour?
Do you vote against people who try to pass laws against drunk driving?
Or do you encourage people to make it difficult to get drunk and drive?

I do not condone violent or malicious behaviour, but if potential victims
don't do all they can to protect themselves, or at least take reasonable
precautions, then they are targets for maladjusted individuals. You lock
your house and car don't you? Do you compile production versions of code
with "back doors"? Do you avoid dark back alleys at night?

I "thank" RTM (if he really did it, remember, innocent until proven) because
even though in apparently youthful enthusiasm and a lack of intelligent
restraint he released a worm or virus that was not actively malicious - it
did not attempt to destroy people's work. I "thank" him because he did
this before a purposefully destructive person did it. I do not "thank" him
directly for committing an irresponsible act, I'm just glad we got off
easy - this time.

What I hope happens from all this is -
1) System administrators are aware of the need for security. There will
        always be that element of society that delights in destruction.
2) Once proven guilty, the person who released the worm is punished. I just
        think they should go easy on him since there was no (apparent) malicious
        intent. My softness goes away if maliciousness can be proved.
3) Youthful or immature persons who are unable to cope with the frustration
        of being ignored will learn that doing something like this to bring
        attention to their point of view is not socially or morally acceptable.
4) Youthful or immature people who feel like being malicious in any activity
        will be punished for socially unacceptable behaviour.

I guess if you are perfect and did not do *anything* you would now consider
immature when you were younger, my congratulations.

Note that I make some assumptions about motives, etc., but I can only base
my point of view on the limited info available at this time.



This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:44:30 GMT