📄 http:^^www.columbia.edu^~cs1003^handouts^rfc1135
3.2  NSF

   The NSF issued an ethical network use statement on 30 November 1988,
   during the regular meeting of the Division Advisory Panel for
   Networking and Communications Research and Infrastructure (and
   reprinted in the Communications of the ACM (June of 1989) [5]), that
   stated, in part:

      The Division Advisory Panel (DAP) of the NSF Division of
      Networking and Communication Research and Infrastructure (DNCRI)
      deplores lapses of ethical behavior which cause disruption to our
      national network resources. Industry, government, and academe
      have established computer networks in support of research and
      scholarship. Recent events have accentuated the importance of
      establishing community standards for the ethical use of networks.
      In this regard, the DNCRI DAP defines as unethical any activity
      which purposefully or through negligence:

Reynolds                                                        [Page 6]

RFC 1135         The Helminthiasis of the Internet         December 1989

         a. disrupts the intended use of the networks,

         b. wastes resources through such actions (people, bandwidth or
            computer),

         c. destroys the integrity of computer-based information,

         d. compromises the privacy of users,

         e. consumes unplanned resources for control and eradication.

      We encourage organizations managing and operating networks to
      adopt and publicize policies and standards for ethical behavior.
      We also encourage these organizations to adopt administrative
      procedures to enforce appropriate disciplinary responses to
      violations and to work with appropriate bodies on drafting
      legislation in this area.

3.3  MIT

   MIT issued a statement of ethics entitled, "Teaching Students About
   Responsible Use of Computers" in 1985-1986 (and reprinted in the
   Communications of the ACM (June 1989) [6]). The official statement
   of ethics specifically outlined MIT's position on the intended use,
   privacy and security, system integrity, and intellectual property
   rights.
   Those standards, outlined in the MIT Bulletin under academic
   procedures, call for all members of the community to act in a
   responsible, ethical, and professional way. The members of the MIT
   community also carry the responsibility to use the system in
   accordance with MIT's standards of honesty and personal conduct.

3.4  CPSR

   The CPSR issued a statement on the Computer Virus in November 1988
   (and reprinted in the Communications of the ACM (June 1989) [7]).
   The CPSR believes:

      The incident should prompt critical review of our dependence on
      complex computer networks, particularly for military and
      defense-related function. The flaws that permitted the recent
      virus to spread will eventually be fixed, but other flaws will
      remain. Security loopholes are inevitable in any computer network
      and are prevalent in those that support general-purpose computing
      and are widely accessible.

      An effective way to correct known security flaws is to publish
      descriptions of the flaws so that they can be corrected. We
      therefore view the effort to conceal technical descriptions of
      the recent virus as short-sighted.

      CPSR believes that innovation, creativity, and the open exchange
      of ideas are the ingredients of scientific advancement and
      technological achievement. Computer networks, such as the
      Internet, facilitate this exchange. We cannot afford policies
      that might restrict the ability of computer researchers to
      exchange their ideas with one another. More secure networks, such
      as military and financial networks, sharply restrict access and
      offer limited functionality. Government, industry, and the
      university community should support the continued development of
      network technology that provides open access to many users.

      The computer virus has sent a clear warning to the computing
      community and to society at large.
      We hope it will provoke a long overdue public discussion about
      the vulnerabilities of computer networks, and the technological,
      ethical, and legal choices we must address.

4.  The Role of the Media

   -----
   "You don't worry about whether or not they've written it, you worry
   whether or not they've read it before they go on the air."
   -----
                                  Linda Ellerbee, the Pat Sajak Show.

   Airplane accidents, Pit Bulldog attacks, drought, disease...the
   media is there...whether you want them there or not. Predictably,
   some members of the press grabbed on to the worm invasion of the
   Internet and sensationalized the outbreak. Sites were named
   (including sites like NASA Ames and Lawrence Livermore) and pointed
   to as being "violated". Questions of computer security were
   rampant. Questions of national security appropriately followed. The
   alleged perpetrator of the worm tended to be thought of by the press
   as a "genius" or a "hero".

   During the helminthiasis of the Internet, handling this news media
   "invasion" was critical. It's akin to trying to extinguish a major
   brush fire with a news reporter and a microphone in your way. Time
   is of the essence. The U.C. Berkeley group, among others, reported
   that it was a problem to get work accomplished with the press
   hounding them incessantly. At MIT, their news office was commended
   for doing their job of keeping the press informed and satisfied, yet
   out of the way of the students and staff working on the cure.

   What is an appropriate response?? At MIT, even a carefully worded
   "technical" statement to the press resulted in very few coherent
   press releases on the Internet worm. Extrapolation and "flavoring"
   by the press were common. According to Eichin and Rochlis, "We were
   unable to show the T.V. crew anything "visual" caused by the virus,
   something which eventually became a common media request and
   disappointment.
   Instead, they settled for people looking at workstations talking
   'computer talk'." [10]

   Cornell University was very critical of the press in their report to
   the Provost:

      "The Commission suggests that media exaggeration of the value and
      technical sophistication of this kind of activity obscures the
      far more accomplished work of those students who complete their
      graduate studies without public fanfare; who make constructive
      contributions to computer sciences and the advancement of
      knowledge through their patiently constructed dissertation; and
      who subject their work to the close scrutiny and evaluation of
      their peers, and not to the interpretations of the popular
      press." [9]

5.  Crime in the Computer World

   -----
   "A recent survey by the American Bar Association found that almost
   one-half of those companies and Government agencies that responded
   had been victimized by some form of computer crime. The known
   financial loss from those crimes was estimated as high as $730
   million, and the report concluded that computer crime is among the
   worst white-collar offenses."
   -----
                           The Computer Fraud and Abuse Act of 1986

   The term White Collar crime was first used by Edwin Sutherland, a
   noted American criminologist, in 1939. Sutherland contended that the
   popular view of crime as primarily a lower class (Blue Collar)
   activity was based on the failure to consider the activities of the
   robber barons and captains of industry who violated the law with
   virtual impunity.

   In this day and age, White Collar crime refers to violations of the
   law committed by salaried or professional persons in conjunction
   with their work. Computer crimes are identified and included in this
   classification. Yet, law enforcement agencies have historically paid
   little attention to this new phenomenon. When a trial and conviction
   does occur, it has more often resulted in a fine and probation than
   in a prison term.
   A shift became apparent in the late 1970s, when the FBI's ABSCAM
   investigation (1978-80) resulted in the conviction of several U.S.
   legislators for bribery and related charges.

   The legal implication of the Internet worm program as a computer
   crime is still pending, as there are few cases to rely on. On the
   Federal level, HR-6061, "The Computer Virus Eradication Act of 1988"
   (Herger & Carr) was introduced in the U.S. House of Representatives.
   On the State level, several states are considering their own
   statutes. Time will tell. Meanwhile, computer network security is
   still allegedly being compromised, as described in a recent DDN
   Security Bulletin [12].

6.  Future Prevention

   -----
   "This is a pretty kettle of fish."
   -----
      Queen Mary to Stanley Baldwin at the time of Edward VII's
      abdication

   What roles can the computer community as a whole play in preventing
   such outbreaks? Why were many people aware of the debug problem in
   the sendmail program and the overflow problem in fingerd, yet
   appropriate fixes were not installed in existing systems? Various
   opinions have emerged:

      1) Computer ethics must be taken seriously. A standard for
         computer ethics is extremely important for the new groups of
         computer professionals graduating out of Universities. The
         "old" professionals and "new" professionals who use computers
         are ALL responsible for their applications.

      2) The "powers that be" of the Internet (IAB, DARPA, NSF, etc.)
         should pursue the current problems in network security, and
         cause the flaws to be fixed.

      3) The openness and free flow of information of networking should
         be rightfully preserved, as it demonstrated its worth during
         the helminthiasis by expediting the analysis and cure of the
         infestation.

      4) Promote and coordinate the establishment of committees or
         agency "police" panels that would handle, judge, and enforce
         violations based on a universally set standard of computer
         ethics.
      5) The continued incidences of "computer crime" show a lack of
         professionalism and ethical standards in the computer
         community. Ethics statements like those discussed in this RFC
         need not only to be published, but enforced as well. There is
         a continuing need to instill a professional code of ethics and
         responsibilities in order to preserve the computer community.

7.  Documentation Review

   -----
   "Everybody wants to get into the act!"
   -----
                                                      Jimmy Durante.

   Quite a number of articles and papers were published very soon after
   the worm invasion. Books, articles, and other documents are
   continuing to be written and published on the subject (see Section
   9, Bibliography). In this RFC, we have chosen four to review: The
   Cornell University Report on "The Computer Worm" [8], presented to
   the Provost of the University, Eichin and Rochlis' "With Microscope
   and Tweezers: An Analysis of the Internet Virus of November 1988"
   [9], Donn Seeley's "A Tour of the Worm" [10], and Gene Spafford's
   "The Internet Worm Program: An Analysis" [11].

7.1  The Cornell University Report

   The Cornell University Report on "The Computer Worm" was presented
   to the Provost of the University on 6 February 1989, by the
   Commission of Preliminary Enquiry, consisting of: Ted Eisenberg,
   Law, David Gries, Computer Science, Juris Hartmanis, Computer
   Science, Don Holcomb, Physics, M. Stuart Lynn, Office of Information
   Technologies (Chair), and Thomas Santoro, Office of the University
   Counsel.

   An introduction set the stage of the intent and purpose of the
   Commission:

      1) Accumulate all evidence concerning the involvement of the
         alleged Cornell University Computer Science graduate student
         in the worm infestation of the Internet, and to assess the
         gathered evidence to determine whether the alleged graduate
         student was the perpetrator.
      2) Accumulate all evidence concerning the potential involvement
         of any other members of the Cornell University community, and
         to assess such evidence to determine whether or not any other
         members of the Cornell University community were involved in
         unleashing the worm on to the Internet, or knew of the
         potential worm infestation ahead of time.

      3) Evaluate relevant computer policies and procedures to
         determine which, if any, were violated and to make preliminary
         recommendations to the Provost as to whether any of such
         policies and procedures should be modified to inhibit
         potential future security violations of this general type.

   In the summary of findings and comments, the Commission named the
   Cornell University first year Computer Science graduate student that
   allegedly created the worm and unleashed it on to the Internet. The
   findings section also discussed:

      1) the impact of the invasion of the worm,

      2) the mitigation attempts to stop the worm,

      3) the violation of computer abuse policies,

      4) the intent,