[Cryptography] The Bob Morris worm

Christian Huitema huitema at huitema.net
Fri Apr 20 02:38:30 EDT 2018



On 4/19/2018 11:11 AM, Bob Wilson wrote:
> In case we forget it, that worm had three "methods" for trying to
> break into the next machine, once it was established on one. And one
> of those was just trying a surprisingly short list of passwords. "Back
> in the day" there were studies showing that on what there was of the
> net so far, a list of about 30 (it might even have been a little less)
> "words" would include a valid password on most (I remember numbers
> like 75%) of the systems that were connected. Such a list would
> include "Spock" and "password", and words from the game Adventure, and
> others that I hope would now bring more laughter than login success.
> From then on, for a while, every so often we would hear that a new
> survey showed that some small list would still work. Are there any
> data on how small a list would include a password working for some
> user on X% of all our systems these days? That might be a weak measure
> of how far our preaching about security practices has reached.

Well, that worked well enough for the Mirai worm in 2016. Quoting from
the Wikipedia page, Mirai scanned ranges of IP addresses and "identifies
vulnerable IoT devices using a table of more than 60 common factory
default usernames and passwords, and logs into them to infect them with
the Mirai malware." Rinse and repeat...

-- Christian Huitema

