Information Technology Reference
In-Depth Information
1) don't run finger, or fix it to not
overrun its stack when reading arguments.
2) recompile sendmail w/o DEBUG defined
3) don't run rexed
Hope this helps, but more, I hope it is a hoax.
Sudduth's email was supposed to get routed through a computer at Brown Univer-
sity. However, computers at Brown were already infected with the worm and did not
have spare cycles to route the message. Also, the email did not have a subject line, which
made it less likely to be read during a crisis. The result is that the message was read too
late to be of any help to those fighting the worm.
System administrators at various universities worked frantically to stop the spread
of the worm. Within a day they had examined the worm's code, discovered the bugs in
sendmail
and
fingerd
, and published fixes to the Internet community. No one knows
exactly how many computers were infected by the worm, but it did make a significant
number of systems unusable for a day or two [26].
After some sleuthing by reporter John Markoff, the
New York Times
named Robert
Tappan Morris Jr. as the author of the worm. Morris was suspended from Cornell
University. A year later, he was the first person to receive a felony conviction under the
US Computer Fraud and Abuse Act. He was sentenced to three years' probation and 400
hours of community service, and was fined $10,000. His legal fees and fines exceeded
$150,000.
ETHICAL EVALUATION
Was Robert Morris Jr. wrong to unleash the Internet worm?
A Kantian evaluation must focus on Morris's will. Did Morris have good will? His
stated goal was to see how many Internet computers he could infect with the worm.
While Morris did not want to crash these computers or destroy any data stored on them,
his motivation was fundamentally selfish: he wanted the thrill of seeing his creation
running on thousands of computers. He used others because he gained access to their
machines without their permission. There is also evidence Morris knew he was using
others: he took measures designed to prevent people from discovering that he was the
author of the worm. From a Kantian point of view, Morris's action was wrong.
From a social contract point of view, Morris's action was also wrong. He violated the
property rights of the individuals and organizations whose computers were infected by
the worm. They had the right to determine who would use their computers, and they at-
tempted to enforce this right by requiring people to identify themselves by username and
password. Morris took advantage of security holes in these computers to gain unautho-
rized access to them. When his worm caused these computers to become unresponsive
or crash, he denied access to the legitimate users of these computers.
A utilitarian evaluation of the case focuses on the benefits and harms resulting
from the spread of the worm. The principal benefit of the Internet worm was that
organizations managing these Unix computers discovered there were two significant
