Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!cwjcc!ukma!husc6!purdue!spaf From: spaf@cs.purdue.edu (Gene Spafford) Newsgroups: news.sysadmin Subject: Re: Would you hire The Worm? Message-ID: <5541@medusa.cs.purdue.edu> Date: 29 Nov 88 22:53:59 GMT References: <456@utoday.UUCP> <10538@ncc.Nexus.CA> <13162@ncoast.UUCP> <3738@inco.UUCP> <5518@medusa.cs.purdue.edu> <3768@inco.UUCP> Sender: news@cs.purdue.EDU Reply-To: spaf@cs.purdue.edu (Gene Spafford) Organization: Department of Computer Science, Purdue University Lines: 54 In article <3768@inco.UUCP> mack@inco.UUCP (Dave Mack) writes: >Haven't you ever written a program that contained redundant or >dead code that you intended to hack out in the final version? How do you know this version of the Worm wasn't the final version? >Finally, coding system calls >with weird arguments is one of the classic methods of probing for >holes in an operating system. In which case, why would one bother >running it through lint? The bogus arguments to calls were not there to probe for holes. The calls were in a logical pplace, but they just had the wrong arguments. It's obvious what the difference is if you read it. >Again, an assumption. I suppose that I'm just a chicken, but I thought >that having his name spattered across the evening news, having the FBI >probing through every aspect of his life, etc., might have a slightly >sobering effect on him. There are some warped individuals who get off on such publicity. I'm not claiming that the author is one of those, but it is possible. It is also possible that the current exposure will "harden" the author for the next time.... >How do you know that the "culprit" >released this thing into the Internet intentionally? Can you prove >that the release of the worm was intentional rather than accidental? The program was written to break into systems. Aggressively. It could have no other use. Furthermore, there is *nothing* in the code to stop it. It doesn't check for a special host, it doesn't look for a special file, it doesn't listen for any special messages...it just infects every machine it can reach. I can't conclude that it wasn't an accident, but I don't believe it was. >Wouldn't it be interesting if all of this had happened because he >accidentally deleted a line containing a chroot(2) call? chroot wouldn't have stopped this. >How about waiting to hear RTMjr's side of the story, Gene? Remember the >old gag about innocent until proven guilty? You keep talking about ethics >and morality, but you seem ready to lynch the guy without a trial. And you're pinning it on him without a confession or conviction. How do you know RTM did it? I'm also not interested in a lynching. -- Gene Spafford NSF/Purdue/U of Florida Software Engineering Research Center, Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-2004 Internet: spaf@cs.purdue.edu uucp: ...!{decwrl,gatech,ucbvax}!purdue!spaf