The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #400 [Re: Disassembled virus?] (1 message, 1256 bytes)
NOTICE: recognises the rights of all third-party works.


From: Theodore Ts'o <[email protected]>
To: phage
Date: Sat 12:42:47 05/11/1988 EST
Subject: Re: Disassembled virus?
References: [Thread Prev: 229] [Thread Next: 052] [Message Prev: 399] [Message Next: 401]

   Date: Sat, 5 Nov 88 09:30:10 EST
   From: [email protected] (Steven D. Miller)

      Now that MIT and perhaps others have disassembled the virus objects,
   could they make them available to others somehow?  Are they already
   available, and did I just miss that piece of mail in the rush?  Do people
   feel that general distribution of the main virus/worm pieces is a bad idea,
   due to their potentially explosive nature?

After re-reading the message which I had originally sent out, it seems
that it contained some misleading info about the worm disassembly
effort, possibly inadvertantly slighting a lot of people who were
working on cracking it.  I never wanted to imply that MIT was the only
site that had disassembled it.  MIT and Berkeley exchanged disassembly
results two or three times during that night, and I'm sure several other
site had people working on it independently as well.  Sigh.  Sorry, if
anyone was offended; chalk it up to lack of sleep.

As for redistribution of the virus, what do people think?  Since many
people probably have at least partial disassemblies of the worm,
surpressing it would probably be a difficult task.  My personal feeling
is that we should distribute them, since fixes to the security holes
have been distributed.  On the other hand, if anyone discovers any other
holes, they could reuse parts of the virus to build a new one.

One thing about this list: it was assembled hastily for an emergency
purpose.  Great thanks to Gene Spafford for creating it!  As an
emergency list, however, it has a large number of bad addresses on it
(or shutdown mailers :-)  At some point, we should retire this list, and
re-create the security mailing list.  While people may agree or disagree
about whether the security list should be ``secure'' (and please let's
not rehash all of this again here), we should remember that this list is
_not_ secure.  Not that this was a problem, since the more information
that could be distributed on the virus, the better.  But some people may
disagree about whether this is appropriate for general security

						- Ted Ts'o