VIRUS-L Digest Friday, 2 Dec 1988 Volume 1 : Issue 29
Today's Topics:
Internet Worm Report in the UK
Is time money? (Internet Worm)
Final Call for Survey Responses
RE: Attitude of Alvi brothers (PC Brain virus)
computer virus institute
Choice of crypto keys
RE: James Mathiesen's "Ethics of a worm" (Internet Worm)
Internet Worm (will it ever end :-)
---------------------------------------------------------------------------
Date: 1-DEC-1988 10:49:07 GMT
From:
[email protected]
Subject: Internet Worm Report in the UK
It would make sense to have just ONE copy of the Internet Worm Report sent
across the ocean blue to this fair isle. If anyone already has a copy,
let me know. Otherwise if someone would be kind enough to chop it into
bite-size chunks small enough for BITNET to digest and mail it to me (I can't
FTP from here) I'd be prepared to mail it to people on JANET (the British
"Joint Academic NETwork").
Please mail me first, to make sure it can get through.
cheers,
Mike
* Mike Salmon, Phone +44 603 56161 x2875 Time GMT *
* Climatic Research Unit, JANET
[email protected] UUCP _not_ via UKC *
* University of East Anglia, BITNET
[email protected] BIX msalmon *
* Norwich, Norfolk, ARPA f026%
[email protected] *
* United Kingdom Elsewhere f026%
[email protected] *
* - - - - "How far can you comfortably spit a mail gateway?" - - - - *
------------------------------
Date: Thu, 1 Dec 88 19:57:48 CST
From: Richard G Larson <U09254@UICVM>
Subject: Is time money? (Internet Worm)
Alan T. Krantz asks:
> Would a person (or persons) who was detained (or put to work) during
> the Virus attack lost XXX time (would have been doing XXX time of
> productive work)?
I have up until now just reading what goes by on this list; this makes
me ask the question: does all time belong to society (Society?)? Is
not a person entitled not to have his time wasted? Would the same
argument apply to increasing the number of hours of work per day by
factory workers without an increase in pay? (Should we ask what
productive work they would have been doing in their off time?)
------------------------------
Date: Thu, 01 Dec 88 21:03:42 EST
From: Ron Dawson <053330@UOTTAWA>
Subject: Final Call for Survey Responses
Hello,
If anyone is still interested in responding to the survey, please try
and send your responses to 053330@UOTTAWA by December 3rd.
Regarding Martin's comments about questions 4-10, I do not see a real
problem. The purpose is to determine how people perceive themselves,
not how I would perceive them. Whether they are really an 'EXPERT' is
another question altogether.
The questions that I wish I could change are 22 and 23, but I will
speak more on this when I send our summarized results to the list.
So, once again, thank you for your cooperation.
- - Ron Dawson
Systems Science
University of Ottawa
[email protected]
------------------------------
Date: Thu, 01 Dec 88 21:36:45 CST
From: C482529@UMCVMB
Subject: RE: Attitude of Alvi brothers (PC Brain virus)
Stephen Tihor <
[email protected]> writes:
>... The story there was that
>Alvi sold bootlegged copies of American Software since there is no
>software copyright in Pakistan. But in a moral act when a foreigner
>bought a copy planning to take it back to the States or the EEC (he
>assumed) where it would be illegal he have him a virus infected copy
>since that was stealing the software. A very legal attitude.
Perhaps, but what about perfectly innocent computer users who may
be infected when the virus spreads? These people have nothing to
do with the original 'crime', which Alvi took upon himself to 'punish.'
A more correct way to do this would be to modify the Lotus 1-2-3,
WordStar, whatever, so that the program itself is subtly malicious, but
*not* so that it would copy this maliciousness around...
- -tony
[email protected]
[email protected]
------------------------------
Date: Thu, 1 Dec 88 21:08:22 CDT
From: Len Levine <
[email protected]>
Subject: computer virus institute
There has been some discussion in this forum of the computer virus
institute. Recently I sent them some mail and got on their mailing
list, their letterhead states that the address is:
The International Computer Virus Institute
3030 Bridgeway Boulevard
Sausalito, CA 94965
(415) 332-8548 FAX (415) 331-0946
They have prepared a "Mission Statement" which, in my opinion is about
what one might expect such a group to state. One item (#8) in their
list states:
"Make available immediately a video program and a fact sheet to
motivate all computer users to take virus infections seriously and
adopt appropriate defensive actions."
good idea.
The international panel of advisors established by this group consists
of experts from universities. I am currently one of thier experts. I
do not believe that the press release that I have a draft of is to be
made public yet, but it contains the names of several University
faculty who are prepared to talk, advise etc. about viruses.
With luck and careful editing a group like this can do some good. I
will keep you informed of their actions as they occur.
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| Leonard P. Levine e-mail
[email protected] |
| Professor, Computer Science Office (414) 229-5170 |
| University of Wisconsin-Milwaukee Home (414) 962-4719 |
| Milwaukee, WI 53201 U.S.A. Modem (414) 962-6228 |
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
------------------------------
Date: Wed, 30 Nov 88 18:08 EST
From:
[email protected]
Subject: Choice of crypto keys
Mitch asks (of L. Kiem):
>Now forgive my possible ignorance, but it seems to me that if a virus
>could bypass an encryption algorithm, the key used wouldn't matter.
It is a desirable, but not necessary, property of an encryption
algorithm that its strength be independent of the key chosen. Even the
DES has eight weak keys (out of 2**56).
William Hugh Murray, Fellow, Information System Security, Ernst & Whinney
2000 National City Center Cleveland, Ohio 44114
21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840
------------------------------
Date: Tue, 22 Nov 88 19:55 EST
From: Lynn R Grant <
[email protected]>
Subject: RE: James Mathiesen's "Ethics of a worm" (Internet Worm)
Suppose you went out one night, leaving your back door unlocked. A
good samaritan who was walking through the neighborhood, for some
reason checking doorknobs, noticed that your door was not locked.
Concerned that a theif might discover your oversight and steal all
your stuff, she decided to teach you a lesson, so you would remember
to lock your door in the future. What she did is take your garbage
cans (or someone else's; I don't think it makes a difference) and dump
them all over your floors.
Upoon returning home and discovering what had been done to your house,
you would probably be irate because
1) You resented the fact that someone had inflicted this anti-social
behavior upon you,
2) You worried about what could have happened had the culprit been a
real thief, rather than a messy good samaritan,
3) You had to spend a bunch of time cleaning up the garbage, and
4) You had to pay someone to clean your carpets, and
5) You had to cancel a dinner party scheduled for the next day, since
the house was in no state to entertain in.
I think this discribes a non-computer situation (the kind of situation
that laws and ethics are better at dealing with, at least so far) that
parallels that of the RTM worm (assuming that RTM, or whoever the
courts decide is responsible for the worm, was trying to teach us a
lesson, rather than just breaking the network "because it was there.")
Now suppose you discovered who the G.S. was, perhaps because she
bragged about the lesson she had taught you, or maybe because someone
saw her performing her act. You told the police, who arrested her and
brought her to trial. I am no lawyer, but here is what I think a
judge or jury would probably decide:
1) and 2) fall into the category of mental anguish; you have not actually
been harmed, you just worried a lot. Probably the G.S. would either get
a short jail term (<30 days, maybe serving only on weekends) or have to
perform community service for a while. The idea is that there has to
be some punishment, to remind the G.S. that her behavior will not be
tolerated, but it's not really a big thing, so no long sentence is
in order. ("Let the punishment fit the crime.")
3) and 4) cost you some effort and money (even if you did the work youself,
there's lost opportunity cost), so the G.S. would probably have to reimburse
you for your carpet bills, and maybe your own effort at some hourly wage.
5) would probably fall into the same category as 1) and 2). However, if
the party you had to cancel was a business event, crucial to winning a
large contract, I'm not sure what the courts would say. If they did
extract a penalty, it would probably be a monetary one.
So, returning from the analogy to the case at hand, I think it would be
reasonable for RTM (who is innocent till proven guilty) or whoever the
culprit turns out to be to perform community service, perhaps in a way
that doesn't make it easy for him to do more virus experiments, in case
he goes sour again, and to pay for the monetary costs of his actions.
I do not feel we should thank him for not trashing our data, and I do
not think he should be praised for pointing out our security flaws by
breaking into the system. This sort of behavior is not tolerated in
non-computer areas of society; why should computers be different. Try
walking into a bank with a fake gun and telling them it is a stick-up,
or pretend hijacking a plane. I believe you will be treated much worse
by the authorities than what I am proposing for RTM, or whoever.
Lynn R Grant
Technical Consultant
Computer Associates International, Inc.
My opinions are my own, and not neccessarily those of my employer.
Thanx,
Lynn
------------------------------
Date: Fri, 2 Dec 88 08:22 EST
From: Mitchel Ludwig <
[email protected]>
Subject: Internet Worm (will it ever end :-)
Ok, guys, forgive me if this has been done before, but I've
got what I think to be an interesting question :
Once it was determined that the only bad side effect of
Morris's worm was that it propagated itself into infinity, causing
host systems some problems, would it have been possible to add code to
the program? What I mean is would it have been possible to add to the
original source a section of code that would :
a) Check to see if the sendmail bug was present on the host
system and if so, fix it.
b) Mail itself to all the sites on the hosts SYSTEMS list.
c) Remove itself from the host system.
In effect, wouldn't this have eliminated the problem by use of
the same bugs which allowed it in the first place? I ask this because
a friend of mine (who is a pre-med student) compared it to using a
disease to cure itself. In other words, using a less virulent strain
of a virus to be used as a way of building up ones immune system to
that very virus. Sounded reasonable so I ask ya, is it possible?
Also, if this has been proposed before, can someone point me at the
date ranges of the discussion so I can grab the archives? My friend
and I will be most appreciative.
Danka Dude.
Mitch
____________ _____/--\_____
\______ ___) (_ _ _____) UUCP : lehi3b15!rastro!mfl
__\ \_______/ / `--' BITnet :
[email protected]
)Space for Rent`|=( INTnet :
[email protected]
\--------------'
Disclaimer? I don't need one. No body takes me seriously anyway...
------------------------------
End of VIRUS-L Digest
*********************
Downloaded From P-80 International Information Systems 304-744-2253
