(heavy snippage) From: Rich Kulawiec <[EMAIL PROTECTED]>
> So let us take a moment and salute Robert T. Morris, who pulled our shorts up > over our heads and tied them in a knot without even really trying to, and woke > us up to a problem that we -- to both our credit and discredit -- are still > struggling with all these many years later. > And thence ensued the emergency "phage" mailing list, and the discussions which led to CERT, and the phone call from the feds asking that the dissassembled worm be removed from FTP, and the debate about disclosure policies, and and and... It's a little too early in the day for me to wax philosophical, but I will observe that one thing that has changed -- much for the worse -- in the interim is that many people knowingly permit their networks to be enormous sources of abuse (spam, viruses, worms, DoS attacks, proxy probes, etc.) on an ongoing basis. I find this astonishing: on November 3, 1988, some people *ran* to their data centers to unplug themselves, not because they were trying to avoid infection, but because they believed they already were and were trying to spare everyone else. What a pity that this ethic has gone by the wayside. And what an enormous cost that loss has imposed on all of us. Okay, I'll make a second observation: we considered the (possible) hijacking of even one system -- of which, for instance, a DEC VAX 11/780 would be a typical example -- to be a catastrophic event requiring immediate, continuous attention until fully resolved. Today, we are on an Internet where something upwards of 10e7, possibly upwards of 10e8, Windows systems (systems, I'll note, with much more computing horsepower and bandwidth) have been succesfully hijacked. Yet we see very little being done about it -- certainly nothing in the nature of a full-blown coordinated emergency response pre-empting all other activities. We talk about security a lot and we make nice noises, but we are unwilling to do what's truly necessary to prevent OUR OWN networks from being sources of attacks/abuse. ---Rsk You are a subscribed member of the infowarrior list. Visit www.infowarrior.org for list information or to unsubscribe. This message may be redistributed freely in its entirety. Any and all copyrights appearing in list messages are maintained by their respective owners.
