[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: toad.com mailing list postings from possible virus authors



Keith, Kenneth:

I have been busy both cutting a GDB release (which isn't done yet) and
dealing with immediate management needs at my company.  But your
concerns are also of grave concern to me, so I'll take the time to
answer you fully.


I am uninterested in censorship of discussion of *any* topic on
mailing lists through my machine.  Your opinion is that this is
inappropriate use of the Internet.  I own the machine free and clear.
I personally pay its network bills.  If you examine its net
connectivity and the associated connection contracts, you will find
that the machine is attached via a worldwide network that explicitly
promises not to censor any traffic UNLESS AND UNTIL a court of law --
not you -- has decided that that traffic is actually illegal.  And my
machine sends email traffic for any host (other than a short list
known to be on uncensored networks) to uunet, which is explicitly
authorized by NSF to forward uncontrolled outside traffic (e.g. from
uucp sites) into the NSFnet.

You see, I anticipated that third parties would want to control what I
and my friends might want to talk about using this wonderful
networking technolgy.  And we aren't interested in your opinion.
No offense intended, Keith -- I think you have done some truly great
work for the community.  But when you imply that conversations though
my machine are in any way illegal or inappropriate, you've overstepped
my respect for you.

> 				 This person appears to be a virus
> author, one who knows virus authors, and/or one who encourages such
> activity. 

Thank you, Senator McCarthy.  I believe that [email protected] is not
a smart-card-carrying member of the virus authors' guild, but I'm not sure.

I think that the attitude that it's OK for "computer scientists" or
"virus researchers" to talk about viruses, to dissect them in detail,
and to write or modify them, but it isn't OK for anyone else to do so,
is two-faced and objectionable.  Security by obscurity -- forcing
people to be unaware of issues and threats like these, whether by
explicit censorship, pressure on intermediate sites, or by social
ostracism -- not only doesn't remove the threat, but is an affront to
our open society.

If you think that the public should be protected from the *content* of
the particular message that was forwarded to me, I recommend that you
look at recent issues of Info Security News (formerly ISPNews), one of
the better trade rags covering security products.  They seem to be
running an article series by Alan Solomon on exactly how stealth
viruses work, and they provided a lot more details than the overview
posting that came through toad.com.  I've seen articles in the Sep/Oct
and Nov/Dec 1992 issues so far.

Just as important to the cypherpunks posting was the author's
exploration of the impacts on society resulting from the technology
(the movement toward memory-protected and permission-controlled
operating systems, the impacts of automating virus creation so that
children can do it, etc).  The Solomon articles focused completely on
technical issues, leaving the reader in the dark about how to cope
over the next few years.

My own opinion is that viruses are what will finally put a stake
through the heart of DOS.  It's a dirty job, but somebody has to do it.
If true, or even 10% likely, it's something that a hundred million
people had better talk about, so they can prepare for it.

	John Gilmore
	[email protected]