On Monday, 10 May 2004 at 14:44:38 +1000, David Purdue wrote:
> Just to play devil's advocate...
>
> Con Zymaris wrote:
>>
>> The first worm, by Robert Morris Junior, son of a senior NSA computer
>> security expert and Unix pioneer, occurred in 1988. Even though it was
>> not malicious and accidentally escaped from a lab, it brought the
>> Internet to its knees for a few days. It directly caused the creation of
>> a number of agencies, primarily CERT - Computer Emergency and Response
>> Team. What the Morris Worm did clearly demonstrate is that there are
>> substantial advantages for any organisation in using operating systems,
>> middleware and applications from more than one codebase. Organisations
>> who had a variety of platforms were able to keep part of their
>> computing infrastructure going.
>
> This release fails to mention that the Morris Worm propagated by
> exploiting weaknesses in Sendmail, an open source program.

Well, I don't know if "fails" is the correct word. But it could have
made capital of the matter, something along the lines of:

- All software is vulnerable, even UNIX.
- It happened to UNIX first.
- We fixed it. It doesn't happen any more.

> So it could also be said that what the Morris Worm did is clearly
> demonstrate that software being open source does not imply that it
> is immune to virus/worm attack.

Well, this was UNIX, not "Open Source" :-)

> If the real lesson is that I should source my applications from
> multiple code bases, what is the alternate codebase for something
> that does the same job as Apache?

I don't personally think this is the lesson that people should learn.

Greg
--
Note: I discard all HTML mail unseen.
Finger Greg.Lehey@auug.org.au for PGP public key.
See complete headers for address and phone numbers.