[Cryptography] Will We Ever Learn?

Phillip Hallam-Baker phill at hallambaker.com
Wed Apr 18 22:03:37 EDT 2018


On Mon, Apr 16, 2018 at 5:00 AM, Shawn K. Quinn <skquinn at rushpost.com>
wrote:

> On 04/13/2018 08:01 PM, Ryan Carboni wrote:
> > The Morris worm was in 1988. That's all you need to know about what is
> > really going on with internet security.
> >  A worm crashed the internet, and everyone's response is to do nothing.
> > That wasn't 2017, that was 1988.
>
> Notice how you had to call it the Morris worm?
>
> Before Microsoft Windows was internet capable, it was simply called The
> Internet Worm. As in, the one, singular. Now, you have to call it the
> Morris worm to differentiate it from all the Windows worms that have
> come since.
>

​Not because it was the only one to be launched, because it was the one
that brought the Internet down. There was also the Wang Worm and we had
numerous breaches of Internet facing machines due to Sendmail
vulnerabilities.

​For years, UNIX systems eschewed shadow password files as 'security
through obscurity' until Crack appeared and suddenly having a world
readable password file was a bad idea.

Windows was not conceived as a multi-user or a network OS. So it is hardly
surprising that the effect of adding it to a network was interesting.
Windows NT was designed as a network OS but it was only when the Vista
switchover occurred that the desktop OS moved to a fully NT based security
scheme and that transition was resisted by many lazy admins who found the
security got in the way of their work and it was easier to tell users they
didn't want Vista than deploy it.

What has changed since is that the Internet is no longer just one network,
it is all networks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20180418/84da0a72/attachment.html>


More information about the cryptography mailing list