The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #294 [Re: ~uucp/.forward] (1 message, 1052 bytes)
NOTICE: recognises the rights of all third-party works.


From: Gene Spafford <spaf>
To: phage
Date: Wed 17:19:51 23/11/1988 EST
Subject: Re: ~uucp/.forward
References: [Thread Prev: 291] [Thread Next: 272] [Message Prev: 295] [Message Next: 298]

From here the view is that this list isn't for posting anything about
security flaws in programs unless a simple fix accompanies it.

I really don't want this to turn into a security mailing list...we've
got enough of those already.  This list is going to wind down and go away
before too long if that is what it becomes.

The reason I'm keeping this list at all is to try to talk about some of
the meta-issues:  what steps do we take to prevent the next worm?  What
reactions are companies having to all this?  Etc.

From the mail I sent out last week:

I see the following topics as being some of the things this list is
appropriate for; other topics may also be suggested:

* How do we prevent future attacks like this?
* What is the best way to publicize seccurity problems and fixes?
* How can we communicate next time there is a problem that
  fragments the Internet?
* How has the media covered this event?  What can we do to make
  future coverage better?
* Can we coordinate some kind of security audit of network software?
  Should we?  Or should this be left just to Berkeley and vendors?

Although I am interested in the following topics, I think they are
not appropriate for this list:

* What punishment should the "wormer" get?
* What is the $$ amount of damages involved and how do we tell?
* What motivated RTM (allegedly) to do this?
* Was it a wrong thing to do this?  (I exclude this topic because
  I feel it is incredibly insulting to anyone who uses computers
  responsibly.  The majority of us feel it was wrong, and this
  list is not a place to debate matters of degree.)