[Cryptography] The Bob Morris worm
Jerry Leichter
leichter at lrw.com
Fri Apr 20 06:09:20 EDT 2018
>> In case we forget it, that worm had three "methods" for trying to
>> break into the next machine, once it was established on one. And one
>> of those was just trying a surprisingly short list of passwords....
>
> Well, that worked well enough for the Mirai worm in 2016. Quoting from
> the Wikipedia page, Mirai scanned ranges of IP addresses and "identifies
> vulnerable IoT devices using a table of more than 60 common factory
> default usernames and passwords, and logs into them to infect them with
> the Mirai malware." Rince and repeat...
Oh, no, you don't get it. Mirai showed just how incredibly far we've come.
You see, the Morris worm broke into systems by logging into the accounts of actual human users, who were themselves often choosing passwords from these very short lists.
Mirai, on the other hand, depends on automatically-set default passwords, delivered in stand-alone smart devices by the manufacturers. We've eliminated the human bad choice of passwords - it's all automated now.
*So* much more advanced!
-- Jerry :-)
More information about the cryptography
mailing list