[Cryptography] The Bob Morris worm

Bob Wilson wilson at math.wisc.edu
Thu Apr 19 14:11:57 EDT 2018


> Date: Wed, 18 Apr 2018 19:03:37 -0700
> From: Phillip Hallam-Baker<phill at hallambaker.com>
> To: "Shawn K. Quinn"<skquinn at rushpost.com>
> Cc: Cryptography Mailing List<cryptography at metzdowd.com>
> Subject: Re: [Cryptography] Will We Ever Learn?
> Message-ID:
> 	<CAMm+LwjYTHXr6G6_rw29OTWudaAaXKQ1id3cDJa71zVQPMqKsg at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> On Mon, Apr 16, 2018 at 5:00 AM, Shawn K. Quinn<skquinn at rushpost.com>
> wrote:
>
>> On 04/13/2018 08:01 PM, Ryan Carboni wrote:
>>> The Morris worm was in 1988. That's all you need to know about what is
>>> really going on with internet security.
>>>   A worm crashed the internet, and everyone's response is to do nothing.
>>> That wasn't 2017, that was 1988.
>> Notice how you had to call it the Morris worm?
>>
>> Before Microsoft Windows was internet capable, it was simply called The
>> Internet Worm. As in, the one, singular. Now, you have to call it the
>> Morris worm to differentiate it from all the Windows worms that have
>> come since.
>>
> Not because it was the only one to be launched, because it was the one
> that brought the Internet down. There was also the Wang Worm and we had
> numerous breaches of Internet facing machines due to Sendmail
> vulnerabilities.
>
> For years, UNIX systems eschewed shadow password files as 'security
> through obscurity' until Crack appeared and suddenly having a world
> readable password file was a bad idea.
>
> Windows was not conceived as a multi-user or a network OS. So it is hardly
> surprising that the effect of adding it to a network was interesting.
> Windows NT was designed as a network OS but it was only when the Vista
> switchover occurred that the desktop OS moved to a fully NT based security
> scheme and that transition was resisted by many lazy admins who found the
> security got in the way of their work and it was easier to tell users they
> didn't want Vista than deploy it.
>
> What has changed since is that the Internet is no longer just one network,
> it is all networks.
In case we forget it, that worm had three "methods" for trying to break 
into the next machine, once it was established on one. And one of those 
was just trying a surprisingly short list of passwords. "Back in the 
day" there were studies showing that on what there was of the net so 
far, a list of about 30 (it might even have been a little less) "words" 
would include a valid password on most (I remember numbers like 75%) of 
the systems that were connected. Such a list would include "Spock" and 
"password", and words from the game Adventure, and others that I hope 
would now bring more laughter than login success. From then on, for a 
while, every so often we would hear that a new survey showed that some 
small list would still work. Are there any data on how small a list 
would include a password working for some user on X% of all our systems 
these days? That might be a weak measure of how far our preaching about 
security practices has reached.
Bob Wilson
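One way to compute the measure Bob asks for, as an added example that is not part of the original thread: a defender-side audit that runs a site's own stored password hashes against a small wordlist and reports the fraction of systems with at least one matching account. The wordlist (beyond "Spock" and "password", which the post names), the hosts, the accounts and the salted-SHA-256 scheme are all constructed for illustration; a real audit would substitute the store's own hash format.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed short wordlist in the spirit of the surveys the post describes.
SMALL_LIST = ["password", "spock", "xyzzy", "plugh", "wizard", "guest"]

Account = Tuple[str, str, str]  # (username, salt, hex digest)


def hash_pw(password: str, salt: str) -> str:
    # Assumed scheme for this example only: salted SHA-256.
    # Real password stores use crypt(3)/bcrypt/etc.; swap this function out.
    return hashlib.sha256((salt + password).encode()).hexdigest()


def exposed_accounts(accounts: List[Account], wordlist: List[str]) -> List[str]:
    """Usernames whose stored hash matches a word from the list.

    Each word is tried as written, lower-cased and capitalised, so "Spock"
    is caught by the entry "spock".
    """
    hits = []
    for user, salt, digest in accounts:
        for word in wordlist:
            variants = {word, word.lower(), word.capitalize()}
            if any(hash_pw(v, salt) == digest for v in variants):
                hits.append(user)
                break
    return hits


def audit_systems(systems: Dict[str, List[Account]], wordlist: List[str]):
    """Return (fraction of systems with >=1 exposed account, per-system hits)."""
    detail = {name: exposed_accounts(accts, wordlist) for name, accts in systems.items()}
    affected = sum(1 for hits in detail.values() if hits)
    return affected / len(systems), detail


def _mk(user: str, salt: str, pw: str) -> Account:
    # Helper to build constructed sample records; pw is never stored.
    return (user, salt, hash_pw(pw, salt))


# Constructed sample inventory: four hosts, a handful of accounts each.
SAMPLE_SYSTEMS: Dict[str, List[Account]] = {
    "hostA": [_mk("alice", "s1", "Spock"), _mk("bob", "s2", "c0rrect-h0rse-7!")],
    "hostB": [_mk("carol", "s3", "Q9$vL2#wRt")],
    "hostC": [_mk("dave", "s4", "password"), _mk("erin", "s5", "Xyzzy")],
    "hostD": [_mk("frank", "s6", "m4ny-w0rds-l0ng")],
}

if __name__ == "__main__":
    fraction, detail = audit_systems(SAMPLE_SYSTEMS, SMALL_LIST)
    print(f"{fraction:.0%} of systems have an account in the small list: {detail}")
```

On the sample inventory the audit reports 50% of systems affected (hostA and hostC); rerunning it periodically against the same list gives the trend the post wonders about.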