Andrew Hume (alice!andrew@ucbvax.Berkeley.EDU)
10 Nov 88 18:04:30 GMT
In article <17823@glacier.STANFORD.EDU>, jbn@glacier.STANFORD.EDU (John B. Nagle) writes:
> >According to press reports, RM spent his summers working at AT&T
> >on "Unix Communications Software Security". Anyone with a source
> >license check to see if he slipped a trojan horse into uucico
> >or uuxqt or something?
> This is serious. The knowledge that this person had the opportunity to
> tamper with the master source code for UNIX is very worrisome. A major
> examination of all AT&T-provided security related code is in order.
> We may not be at the end of this yet.
> John Nagle
come on. this is so prepostrous that i feel obliged to respond.
morris has never worked on System V code which is probably what you mean
by the master source. he has worked on Research Unix but given Ken Thompson
used his Turing Award lecture to advertise a trojan horse he put into
research unix; you would have to be very naive to trust research unix.
(although there are currently no known trojan horses or viruses.)
more importantly, morris has been doing this in an open way; penetrating systems
from the outside, not via trojan horses. in a peculiar (but obvious to me) way,
he is doing the honourable thing; attacking systems via their own foibles,
and not ones he has added. and we have heard peter honeyman acknowledge
morris's contribution towards the current uucp.
so think a little before raising panics and denigrating people's character.
This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:44:30 GMT