The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #109 [A chill on network services...] (1 message, 806 bytes)
NOTICE: recognises the rights of all third-party works.


From: [email protected] (Dwight D McKay)
To: phage
Date: Mon 13:00:41 07/11/1988 EST
Subject: A chill on network services...
References: [Thread Prev: 140] [Thread Next: 110] [Message Prev: 160] [Message Next: 111]

One of the most bothersome aspects of the occurance of this worm is the
effect it will have on the development of network services.

If something as short and simple as fingerd can be comprised by a
simple bug, would you feel comfortable installing in the next spiffy
network service which becomes available?

How about those places which produce large bodies of network code for
BSD unix?  I'd bet you're more then a little worried about the
possibility of security holes in your code.  I'd further bet that your
legal department is considering if they'll let your nifty new code head
out the door at all.

Some folks here are building an account maintainance tool.  It's
distributed amoungst machines, extendable, runs on top of UNIX without
major retooling, etc.  Great for large networks.  Will it ever be
distributed?  A week ago I might have said, "sure, maybe early next
year", now I'm not so sure.

The potential chill on research is quite sizeable.

I agree with Doug.  Punishment needs to be given out.  Our ethical
standards need to be defended.