ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #060 [Re: Disassembled virus?] (1 message, 1312 bytes)
NOTICE: securitydigest.org recognises the rights of all third-party works.
START OF DOCUMENT
From: Paul A Vixie <firstname.lastname@example.org>
Date: Sat 18:59:28 05/11/1988 EST
Subject: Re: Disassembled virus?
References: [Thread Prev: 058] [Thread Next: 061] [Message Prev: 059] [Message Next: 061]
# I sure hope that some organizations file some civil suits against the guy. I've been thinking about this. My last comment wrt punishment had to do with potential guilty feelings after tearing the guy's arms off; I think (as is oft the case) I spoke in haste. Consider: 1. this will get the bugs cleaned up faster than anything else could have; 2. it could have been _much_ worse (how many files on your computer are writable by "daemon"? or, what if this thing had gone very slowly and sat quietly until a prearranged moment, instead of going out of control immediately? use your imagination -- if real harm had been intended, the Internet would be in deep doo doo); 3. the code was damned clever - certainly something I wasn't capable of at age 23; 4. it was not supposed to get as far as it did, but it escaped and went wild because of bugs. All in all, I feel kinda sorry for the guy at this point. Imagine going up to your father, who's been working his ass off for 50 hours without sleep trying to spin down this f---ing worm, and you have to tell him: uh, dad, it was me. So, no, I'm not saying it was okay. It would've been a lot better to have written the software, tested it on a closed network, documented its effects, and then sent the results to Berkeley or someone else who could send out some bugfixes; when it was over, the kid could've written a paper about it and he would've been a small-scale hero. Or, when it got out of his control, he should immediately have sent lots of mail around telling the world how to kill it off. But at 23, I would probably have gone catatonic after letting something like that loose by mistake. So, before we condemn the guy, let's get all the facts. If he really is a scumbag, fine -- but if he's a bright but careless kid, do we really want to see him go to prison for 20 years (one figure I've heard thrown around)? (As usual, and obviously: not speaking for my employer.) Paul
END OF DOCUMENT
|ISSN 1742-948X 01 (Online) | 2005/03/01 | Copyright 2002-2008 securitydigest.org. All rights reserved.|