* [TUHS] Happy birthday, Morris Worm! @ 2017-11-02 12:10 Noel Chiappa 2017-11-02 14:26 ` Dan Cross 0 siblings, 1 reply; 62+ messages in thread From: Noel Chiappa @ 2017-11-02 12:10 UTC (permalink / raw) > From: Doug McIlroy > A little known fact is that the judge leaned on the prosecutor to reduce > the charge to a misdemeanor and accepted the felony only when the > prosecuter secured specific backing from higher echelons at DOJ. I had a tangential role in the legal aftermath, and am interested to hear this. I hadn't had much to do with the actual outbreak, so I was not particularly watching the whole saga. However, on the evening news one day, I happened to catch video of him coming out of the court-house after his conviction: from the look on his face (he looked like his dog had died, and then someone had kicked him in the stomach) it was pretty clear that incareration (which is what the sentencing guidelines called for, for that offense) was totally inappropriate. So I decided to weigh in. I got advice from the Washington branch of then-Hale&Dorr (my legal people at the time), who were well connected inside the DoJ (they had people who'd been there, and also ex-H+D people were serving, etc). IIRC, they agreed with me that this was over-charging, given the specifics of the offender, etc. (I forget exactly what they told me of what they made of the prosecutor and his actions, but it was highly not positive.) So we organized the IESG to submit a filing in the case on the sentencing, and got everyone to sign on; apparently in the legal system when there is an professional organization in a field, its opinions weigh heavily, and the IESG, representing as it did the IETF, was the closest thing to it here. I don't know how big an effect our filing had, but the judge did depart very considerably from the sentencing guidelines (which called, IIRC, for several years of jail-time) and gave him probation/community-service. Not everyone was happy about our actions (particularly some who'd had to work on the cleanup), but I think in retrospect it was the right call - yeah, he effed up, but several years in jail was not the right punsishment, for him, and for this particular case (no data damaged/deleted/stolen/etc). YMMV. Noel ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-02 12:10 [TUHS] Happy birthday, Morris Worm! Noel Chiappa @ 2017-11-02 14:26 ` Dan Cross 0 siblings, 0 replies; 62+ messages in thread From: Dan Cross @ 2017-11-02 14:26 UTC (permalink / raw) On Thu, Nov 2, 2017 at 8:10 AM, Noel Chiappa <jnc at mercury.lcs.mit.edu> wrote: > [...] > So I decided to weigh in. I got advice from the Washington branch of > then-Hale&Dorr (my legal people at the time), who were well connected inside > the DoJ (they had people who'd been there, and also ex-H+D people were > serving, etc). IIRC, they agreed with me that this was over-charging, given > the specifics of the offender, etc. (I forget exactly what they told me of > what they made of the prosecutor and his actions, but it was highly not > positive.) This is really fascinating. The Washington Post did an article on the Internet Worm back in 2013 (for the 25th anniversary). There are quite a few interesting insights from Gene Spafford and the prosecutor, Mark Rasch. Spaf felt that the felony conviction was going to far; Rasch has stated he would support a pardon being granted for the felony conviction. Mashable also had an article with some more quotes from Rasch https://www.washingtonpost.com/news/the-switch/wp/2013/11/01/how-a-grad-student-trying-to-build-the-first-botnet-brought-the-internet-to-its-knees/ http://mashable.com/2013/11/01/morris-worm/#BosSE6MAiqq0 - Dan C. ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! @ 2019-11-01 20:36 Dave Horsfall 2019-11-01 21:12 ` Dan Cross 2019-11-01 21:49 ` A. P. Garcia 0 siblings, 2 replies; 62+ messages in thread From: Dave Horsfall @ 2019-11-01 20:36 UTC (permalink / raw) To: The Eunuchs Hysterical Society; +Cc: Computer Old Farts Followers The infamous Morris Worm was released in 1988; making use of known vulnerabilities in Sendmail/finger/RSH (and weak passwords), it took out a metric shitload of SUN-3s and 4BSD Vaxen (the author claimed that it was accidental, but the idiot hadn't tested it on an isolated network first). A temporary "condom" was discovered by Rich Kulawiec with "mkdir /tmp/sh". Another fix was to move the C compiler elsewhere. -- Dave ^ permalink raw reply [flat|nested] 62+ messages in thread
* Re: [TUHS] Happy birthday, Morris Worm! 2019-11-01 20:36 Dave Horsfall @ 2019-11-01 21:12 ` Dan Cross 2019-11-01 21:49 ` A. P. Garcia 1 sibling, 0 replies; 62+ messages in thread From: Dan Cross @ 2019-11-01 21:12 UTC (permalink / raw) To: Dave Horsfall Cc: The Eunuchs Hysterical Society, Computer Old Farts Followers [-- Attachment #1: Type: text/plain, Size: 916 bytes --] On Fri, Nov 1, 2019 at 4:37 PM Dave Horsfall <dave@horsfall.org> wrote: > The infamous Morris Worm was released in 1988; making use of known > vulnerabilities in Sendmail/finger/RSH (and weak passwords), it took out a > metric shitload of SUN-3s and 4BSD Vaxen (the author claimed that it was > accidental, but the idiot hadn't tested it on an isolated network first). > A > temporary "condom" was discovered by Rich Kulawiec with "mkdir /tmp/sh". > > Another fix was to move the C compiler elsewhere. > This comes up every year, but could I ask that you please stop referring to Robert T. Morris as an idiot? He acted foolishly and destructively, yes, but he was quite young at the time and he paid for his mistake. He's gone on to do very good work in systems and have a productive career; there really is no need to continue to castigate him in this manner for a mistake he made 31 years ago. - Dan C. [-- Attachment #2: Type: text/html, Size: 1287 bytes --] ^ permalink raw reply [flat|nested] 62+ messages in thread
* Re: [TUHS] Happy birthday, Morris Worm! 2019-11-01 20:36 Dave Horsfall 2019-11-01 21:12 ` Dan Cross @ 2019-11-01 21:49 ` A. P. Garcia 2019-11-02 6:35 ` William Corcoran 1 sibling, 1 reply; 62+ messages in thread From: A. P. Garcia @ 2019-11-01 21:49 UTC (permalink / raw) To: Dave Horsfall Cc: The Eunuchs Hysterical Society, Computer Old Farts Followers [-- Attachment #1: Type: text/plain, Size: 1266 bytes --] On Fri, Nov 1, 2019, 4:37 PM Dave Horsfall <dave@horsfall.org> wrote: > The infamous Morris Worm was released in 1988; making use of known > vulnerabilities in Sendmail/finger/RSH (and weak passwords), it took out a > metric shitload of SUN-3s and 4BSD Vaxen (the author claimed that it was > accidental, but the idiot hadn't tested it on an isolated network first). > A > temporary "condom" was discovered by Rich Kulawiec with "mkdir /tmp/sh". > > Another fix was to move the C compiler elsewhere. > > -- Dave > One of my comp sci professors was a grad student at Cornell when this happened. He shared a small office with Morris and some other students. He said that he had to explain that he had absolutely nothing to do with it on quite a few occasions. Morris was caught partly because he used the Unix crypt command to encrypt his source code. The command was a computer model of the Enigma machine, and its output could be and indeed was cracked, after retrieving the encrypted code from a backup tape. It's interesting that the worm was quickly detected. The reason was that it kept infecting the same machines, and as you referred to, it contained a password cracker, which slowed those machines to a crawl because of the multiple instances running. > [-- Attachment #2: Type: text/html, Size: 1904 bytes --] ^ permalink raw reply [flat|nested] 62+ messages in thread
* Re: [TUHS] Happy birthday, Morris Worm! 2019-11-01 21:49 ` A. P. Garcia @ 2019-11-02 6:35 ` William Corcoran 2019-11-02 6:44 ` William Corcoran 0 siblings, 1 reply; 62+ messages in thread From: William Corcoran @ 2019-11-02 6:35 UTC (permalink / raw) To: A. P. Garcia; +Cc: The Eunuchs Hysterical Society, Computer Old Farts Followers [-- Attachment #1: Type: text/plain, Size: 1912 bytes --] Whoa! Let’s rethink the defamatory ad hominem remarks here. We were all kids once. Moreover, my examination of this subject showed that some of our greatest computer scientists, at the time, went to bat for young Morris. Moreover, calling RTM a nasty name like that is a shoe that simply doesn’t fit. My goodness RTM is a professor at MIT. It’s inarguable that the Morris Worm helped his career far more than it hurt it. Plus, indeed, there was a genuine re-Morris from RTM. Bill Corcoran On Nov 1, 2019, at 5:49 PM, A. P. Garcia <a.phillip.garcia@gmail.com<mailto:a.phillip.garcia@gmail.com>> wrote: On Fri, Nov 1, 2019, 4:37 PM Dave Horsfall <dave@horsfall.org<mailto:dave@horsfall.org>> wrote: The infamous Morris Worm was released in 1988; making use of known vulnerabilities in Sendmail/finger/RSH (and weak passwords), it took out a metric shitload of SUN-3s and 4BSD Vaxen (the author claimed that it was accidental, but the idiot hadn't tested it on an isolated network first). A temporary "condom" was discovered by Rich Kulawiec with "mkdir /tmp/sh". Another fix was to move the C compiler elsewhere. -- Dave One of my comp sci professors was a grad student at Cornell when this happened. He shared a small office with Morris and some other students. He said that he had to explain that he had absolutely nothing to do with it on quite a few occasions. Morris was caught partly because he used the Unix crypt command to encrypt his source code. The command was a computer model of the Enigma machine, and its output could be and indeed was cracked, after retrieving the encrypted code from a backup tape. It's interesting that the worm was quickly detected. The reason was that it kept infecting the same machines, and as you referred to, it contained a password cracker, which slowed those machines to a crawl because of the multiple instances running. [-- Attachment #2: Type: text/html, Size: 3030 bytes --] ^ permalink raw reply [flat|nested] 62+ messages in thread
* Re: [TUHS] Happy birthday, Morris Worm! 2019-11-02 6:35 ` William Corcoran @ 2019-11-02 6:44 ` William Corcoran 2019-11-02 7:31 ` A. P. Garcia 0 siblings, 1 reply; 62+ messages in thread From: William Corcoran @ 2019-11-02 6:44 UTC (permalink / raw) To: A. P. Garcia; +Cc: The Eunuchs Hysterical Society, Computer Old Farts Followers [-- Attachment #1: Type: text/plain, Size: 2104 bytes --] My comments were not directed to A. P. Garcia. I regret my error. Bill Corcoran On Nov 2, 2019, at 2:36 AM, William Corcoran <wlc@jctaylor.com<mailto:wlc@jctaylor.com>> wrote: Whoa! Let’s rethink the defamatory ad hominem remarks here. We were all kids once. Moreover, my examination of this subject showed that some of our greatest computer scientists, at the time, went to bat for young Morris. Moreover, calling RTM a nasty name like that is a shoe that simply doesn’t fit. My goodness RTM is a professor at MIT. It’s inarguable that the Morris Worm helped his career far more than it hurt it. Plus, indeed, there was a genuine re-Morris from RTM. Bill Corcoran On Nov 1, 2019, at 5:49 PM, A. P. Garcia <a.phillip.garcia@gmail.com<mailto:a.phillip.garcia@gmail.com>> wrote: On Fri, Nov 1, 2019, 4:37 PM Dave Horsfall <dave@horsfall.org<mailto:dave@horsfall.org>> wrote: The infamous Morris Worm was released in 1988; making use of known vulnerabilities in Sendmail/finger/RSH (and weak passwords), it took out a metric shitload of SUN-3s and 4BSD Vaxen (the author claimed that it was accidental, but the idiot hadn't tested it on an isolated network first). A temporary "condom" was discovered by Rich Kulawiec with "mkdir /tmp/sh". Another fix was to move the C compiler elsewhere. -- Dave One of my comp sci professors was a grad student at Cornell when this happened. He shared a small office with Morris and some other students. He said that he had to explain that he had absolutely nothing to do with it on quite a few occasions. Morris was caught partly because he used the Unix crypt command to encrypt his source code. The command was a computer model of the Enigma machine, and its output could be and indeed was cracked, after retrieving the encrypted code from a backup tape. It's interesting that the worm was quickly detected. The reason was that it kept infecting the same machines, and as you referred to, it contained a password cracker, which slowed those machines to a crawl because of the multiple instances running. [-- Attachment #2: Type: text/html, Size: 3542 bytes --] ^ permalink raw reply [flat|nested] 62+ messages in thread
* Re: [TUHS] Happy birthday, Morris Worm! 2019-11-02 6:44 ` William Corcoran @ 2019-11-02 7:31 ` A. P. Garcia 0 siblings, 0 replies; 62+ messages in thread From: A. P. Garcia @ 2019-11-02 7:31 UTC (permalink / raw) To: William Corcoran Cc: The Eunuchs Hysterical Society, Computer Old Farts Followers [-- Attachment #1: Type: text/plain, Size: 1103 bytes --] On Sat, Nov 2, 2019, 2:44 AM William Corcoran <wlc@jctaylor.com> wrote: > My comments were not directed to A. P. Garcia. > > I regret my error. > > Bill Corcoran > > > > On Nov 2, 2019, at 2:36 AM, William Corcoran <wlc@jctaylor.com> wrote: > > Whoa! Let’s rethink the defamatory ad hominem remarks here. We were all > kids once. Moreover, my examination of this subject showed that some of > our greatest computer scientists, at the time, went to bat for young > Morris. Moreover, calling RTM a nasty name like that is a shoe that simply > doesn’t fit. My goodness RTM is a professor at MIT. It’s inarguable that > the Morris Worm helped his career far more than it hurt it. Plus, indeed, > there was a genuine re-Morris from RTM. > > Bill Corcoran > > <snip> No worries. It's worth mentioning on a Unix mailing list that RTM coauthored xv6, an x86 reimplementation of the v6 kernel. It sort of carries the torch of the Lions book by teaching future generations about the internals of operating systems and the Unix way. And that is a beautiful thing. > [-- Attachment #2: Type: text/html, Size: 2555 bytes --] ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm!
@ 2017-11-16 23:24 Doug McIlroy
2017-11-16 23:35 ` Ralph Corderoy
0 siblings, 1 reply; 62+ messages in thread
From: Doug McIlroy @ 2017-11-16 23:24 UTC (permalink / raw)
> let's not forget that amazing vi-trainer called rogue.
Also amazing is its robust survival at angband.org.
^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-16 23:24 Doug McIlroy @ 2017-11-16 23:35 ` Ralph Corderoy 0 siblings, 0 replies; 62+ messages in thread From: Ralph Corderoy @ 2017-11-16 23:35 UTC (permalink / raw) Doug wrote: > Also amazing is its robust survival at angband.org. Now known as http://rephial.org/ -- Cheers, Ralph. https://plus.google.com/+RalphCorderoy ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! @ 2017-11-03 10:23 Noel Chiappa 2017-11-03 11:20 ` arnold 2017-11-03 13:11 ` Arthur Krewat 0 siblings, 2 replies; 62+ messages in thread From: Noel Chiappa @ 2017-11-03 10:23 UTC (permalink / raw) > From: Arnold Skeeve > I suspect that he was also still young and fired up about things. :-) > ... > (In other words, he too probably deserves to be cut some slack.) Much as RTM was cut some slack? The thing is there's a key difference. RTM didn't _intend_ to melt down the network, whereas Gene presumbly - hopefully - thought about it for a while before he made his call to inflict severe punishment. Did RTM do something wrong? Absolutely. Did he deserve some punishment? Definitely. But years in jail? Yes, it caused a lot of disruption - but to any one person, not an overwhelming amount. Luckily, the judge was wise enough, and brave enough, to put the sentencing guidelines (and the DoJ recommendation, IIRC) to one side. However, that too was not without a cost; it was one more stone added to what is admittedlyalready a mountain of precedent that judges can ignore the legislature's recommendations - and once one does it, another will feel more free to do so. And so we pass from a government of laws to a government of men. But I don't give Gene the lion's share of the blame: that has to go to Rasch, and his superiors at the DoJ, who were apparently (as best I can understand their motives) willing to crush a young man under a bus to make a point. The power to prosecute and punish is an awesome one, and should be wielded carefully and with judgement, and it was their failure to do so that really was the root cause. Noel ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-03 10:23 Noel Chiappa @ 2017-11-03 11:20 ` arnold 2017-11-03 13:11 ` Arthur Krewat 1 sibling, 0 replies; 62+ messages in thread From: arnold @ 2017-11-03 11:20 UTC (permalink / raw) jnc at mercury.lcs.mit.edu (Noel Chiappa) wrote: > > From: Arnold Skeeve ^^^^^^ Skeeve is my domain. Robbins is my last name. > > I suspect that he was also still young and fired up about things. :-) > > ... > > (In other words, he too probably deserves to be cut some slack.) > > Much as RTM was cut some slack? I should have said "cut some slack now". I don't disagree with the rest of what you've said. > The thing is there's a key difference. RTM didn't _intend_ to melt down the > network, whereas Gene presumbly - hopefully - thought about it for a while > before he made his call to inflict severe punishment. And had he been a bit older and wiser, he might have done things differently. Whatever. I dn't want to get into an argument, since I am singularly unfamiliar with the details of the case. I merely point at that Spafford is human too. Thanks, Arnold ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-03 10:23 Noel Chiappa 2017-11-03 11:20 ` arnold @ 2017-11-03 13:11 ` Arthur Krewat 2017-11-03 19:26 ` Toby Thain 1 sibling, 1 reply; 62+ messages in thread From: Arthur Krewat @ 2017-11-03 13:11 UTC (permalink / raw) Around the mid 80's,there was another case where the DoJ was willing to crush someone, not for causing a real disruption, but for getting into the wrong places and reading the wrong things. I'll keep the details out, but the prosecution of RTM might have been more over the top because of preceding cases of hacking. On 11/3/2017 6:23 AM, Noel Chiappa wrote: > lion's share of the blame: that has to go to Rasch, > and his superiors at the DoJ, who were apparently (as best I can understand > their motives) willing to crush a young man under a bus to make a point. ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-03 13:11 ` Arthur Krewat @ 2017-11-03 19:26 ` Toby Thain 2017-11-03 20:54 ` Arthur Krewat 0 siblings, 1 reply; 62+ messages in thread From: Toby Thain @ 2017-11-03 19:26 UTC (permalink / raw) On 2017-11-03 9:11 AM, Arthur Krewat wrote: > Around the mid 80's,there was another case where the DoJ was willing to > crush someone, not for causing a real disruption, but for getting into > the wrong places and reading the wrong things. > > I'll keep the details out, but the prosecution of RTM might have been > more over the top because of preceding cases of hacking. The DOJ brutality has only got worse since then: https://topdocumentaryfilms.com/internet-own-boy-story-aaron-swartz/ --Toby > > > > On 11/3/2017 6:23 AM, Noel Chiappa wrote: >> lion's share of the blame: that has to go to Rasch, >> and his superiors at the DoJ, who were apparently (as best I can >> understand >> their motives) willing to crush a young man under a bus to make a point. > > ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-03 19:26 ` Toby Thain @ 2017-11-03 20:54 ` Arthur Krewat 0 siblings, 0 replies; 62+ messages in thread From: Arthur Krewat @ 2017-11-03 20:54 UTC (permalink / raw) BTW, the one case I was thinking of when I wrote this is not even documented anywhere. I can't find any reference to it whatsoever. It happened around 1983/84. So it's not only the public cases, there were ones that were swept under the rug it seems. All the while, the defendant was threatened with 20-30 years in a federal prison, but eventually was given 10 years probation. I knew the guy involved. It was an interesting time. On 11/3/2017 3:26 PM, Toby Thain wrote: > On 2017-11-03 9:11 AM, Arthur Krewat wrote: >> Around the mid 80's,there was another case where the DoJ was willing to >> crush someone, not for causing a real disruption, but for getting into >> the wrong places and reading the wrong things. >> >> I'll keep the details out, but the prosecution of RTM might have been >> more over the top because of preceding cases of hacking. > The DOJ brutality has only got worse since then: > > https://topdocumentaryfilms.com/internet-own-boy-story-aaron-swartz/ > > --Toby > ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm!
@ 2017-11-03 0:53 Doug McIlroy
2017-11-03 1:39 ` Ken Thompson
0 siblings, 1 reply; 62+ messages in thread
From: Doug McIlroy @ 2017-11-03 0:53 UTC (permalink / raw)
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 2090 bytes --]
I think "classlessness" is intened as an antonym to "classy".
Spafford with high dudgeon called early for punishment. He had tempered
it somewhat by the time he wrote his CACM article, published in June
1985. But still some animus shows through, in "even-handedly"
speculating about whether the worm was intended as a lark or as
something nefarious. He evidently had mellowed a lot by the
time of the last quotation below.
In the CACM article Spaff quoted someone else as suggesting that
Morris did it to impress Jodie Foster, and he called Allman's
back door in Sendmail a debugging feature that people could
optionally turn off. As far as I know it was not disclosed that
DEBUG allowed remote control of Sendmail. In fact Sendmail was
so opaque that Dave Presotto declined to install it and wrote
his own (upas) for Research.
I don't recall the cited "contest". And Dennis's reaction to
the CaCM article seems somwhat harsh. But the context is that
Spafford's overheated initial reaction did not win friends in
research.
>
> Can anyone remember or decipher what this was about???
>
> Date: 24 Mar 90 06:52:43 GMT
> From: dmr at alice.att.com
> Subject: Re: Contest announcement
> To: misc-security at uunet.uu.net
>
> My own contest is "Most appalling display of classlessness in dealing with
> a serious subject." The nominees are:
>
> 1) National Center for Computer Crime Data, Security Magazine, and
> Gene Spafford, for their "How High Shall We Hang Robert Morris?"
> contest.
>
> 2) Gene Spafford, for the most tasteless article ever to appear in CACM
> (special credits for the Jodie Foster joke).
>
> Dennis Ritchie
>
> Some context maybe?
>>
>> “He has not tried to make any money or work in this area,” Purdue
>> University computer science professor Eugene Spafford said of Morris
>> in an interview with The Washington Post. “His behavior has been
>> consistent in supporting his defense: that it was an accident and he
>> felt badly about it. I think it’s very much to his credit that that has
>> been his behavior ever since.”
^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-03 0:53 Doug McIlroy @ 2017-11-03 1:39 ` Ken Thompson 2017-11-03 9:25 ` arnold 0 siblings, 1 reply; 62+ messages in thread From: Ken Thompson @ 2017-11-03 1:39 UTC (permalink / raw) [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #1: Type: text/plain, Size: 2303 bytes --] spafford was the prize witness for the offense at the trial. strident and evil. On Thu, Nov 2, 2017 at 5:53 PM, Doug McIlroy <doug at cs.dartmouth.edu> wrote: > I think "classlessness" is intened as an antonym to "classy". > > Spafford with high dudgeon called early for punishment. He had tempered > it somewhat by the time he wrote his CACM article, published in June > 1985. But still some animus shows through, in "even-handedly" > speculating about whether the worm was intended as a lark or as > something nefarious. He evidently had mellowed a lot by the > time of the last quotation below. > > In the CACM article Spaff quoted someone else as suggesting that > Morris did it to impress Jodie Foster, and he called Allman's > back door in Sendmail a debugging feature that people could > optionally turn off. As far as I know it was not disclosed that > DEBUG allowed remote control of Sendmail. In fact Sendmail was > so opaque that Dave Presotto declined to install it and wrote > his own (upas) for Research. > > I don't recall the cited "contest". And Dennis's reaction to > the CaCM article seems somwhat harsh. But the context is that > Spafford's overheated initial reaction did not win friends in > research. >> >> Can anyone remember or decipher what this was about??? >> >> Date: 24 Mar 90 06:52:43 GMT >> From: dmr at alice.att.com >> Subject: Re: Contest announcement >> To: misc-security at uunet.uu.net >> >> My own contest is "Most appalling display of classlessness in dealing with >> a serious subject." The nominees are: >> >> 1) National Center for Computer Crime Data, Security Magazine, and >> Gene Spafford, for their "How High Shall We Hang Robert Morris?" >> contest. >> >> 2) Gene Spafford, for the most tasteless article ever to appear in CACM >> (special credits for the Jodie Foster joke). >> >> Dennis Ritchie >> >> Some context maybe? >>> >>> “He has not tried to make any money or work in this area,” Purdue >>> University computer science professor Eugene Spafford said of Morris >>> in an interview with The Washington Post. “His behavior has been >>> consistent in supporting his defense: that it was an accident and he >>> felt badly about it. I think it’s very much to his credit that that has >>> been his behavior ever since.” ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-03 1:39 ` Ken Thompson @ 2017-11-03 9:25 ` arnold 0 siblings, 0 replies; 62+ messages in thread From: arnold @ 2017-11-03 9:25 UTC (permalink / raw) Ken Thompson via TUHS <tuhs at minnie.tuhs.org> wrote: > spafford was the prize witness for the > offense at the trial. strident and evil. I suspect that he was also still young and fired up about things. :-) (Not to mention a professor still working towards tenure.) I was in grad school with Gene at Georgia Tech and still exchange emails with him every once in a while. He is most definitely not a strident and evil *person*, but I can't speak to what happened in the trial itself. (In other words, he too probably deserves to be cut some slack.) My two cents, Arnold ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! @ 2017-11-02 13:46 Norman Wilson 2017-11-02 14:32 ` Chet Ramey 2017-11-02 14:42 ` Will Senn 0 siblings, 2 replies; 62+ messages in thread From: Norman Wilson @ 2017-11-02 13:46 UTC (permalink / raw) Robert T Morris (the son who committed the famous worm) was an intern at Bell Labs for a couple of summers while I was there. He certainly wasn't an idiot; he was a smart guy. Like many smart guys (and not-so-smart guys for that matter), however, he was a sloppy coder, and tended not to test enough. One of the jokes in the UNIX Room was that, had it been Bob Morris (the father) who did it, a. He wouldn't have done it, because he would have seen that it wasn't worth the potential big mess; but b. Had he done it, no one would ever have caught him, and probably no one would even have noticed the worm as it crept around. Norman Wilson Toronto ON ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-02 13:46 Norman Wilson @ 2017-11-02 14:32 ` Chet Ramey 2017-11-02 14:42 ` Will Senn 1 sibling, 0 replies; 62+ messages in thread From: Chet Ramey @ 2017-11-02 14:32 UTC (permalink / raw) On 11/2/17 9:46 AM, Norman Wilson wrote: > Like many smart guys (and not-so-smart guys for that matter), > however, he was a sloppy coder, and tended not to test enough. In my experience, that is one of the things that improves with age (and, yes, experience). -- ``The lyf so short, the craft so long to lerne.'' - Chaucer ``Ars longa, vita brevis'' - Hippocrates Chet Ramey, UTech, CWRU chet at case.edu http://cnswww.cns.cwru.edu/~chet/ ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-02 13:46 Norman Wilson 2017-11-02 14:32 ` Chet Ramey @ 2017-11-02 14:42 ` Will Senn 2017-11-02 15:00 ` Michael Kjörling 2017-11-02 15:25 ` Dan Cross 1 sibling, 2 replies; 62+ messages in thread From: Will Senn @ 2017-11-02 14:42 UTC (permalink / raw) On 11/2/17 8:46 AM, Norman Wilson wrote: > Robert T Morris (the son who committed the famous worm) was an > intern at Bell Labs for a couple of summers while I was there. > He certainly wasn't an idiot; he was a smart guy. > > Like many smart guys (and not-so-smart guys for that matter), > however, he was a sloppy coder, and tended not to test enough. > > One of the jokes in the UNIX Room was that, had it been Bob > Morris (the father) who did it, > a. He wouldn't have done it, because he would have seen that > it wasn't worth the potential big mess; but > b. Had he done it, no one would ever have caught him, and > probably no one would even have noticed the worm as it crept > around. > > Norman Wilson > Toronto ON I seem to recall that this story was included as part of The Cuckoo's Egg, by Clifford Stoll. I don't recall the specifics and I wonder if it has a bit of myth included, but somehow it was peripherally related to the investigations. Fuzzy recollection is that the worm got out during the investigation Clifford was involved in and it was Morris's son (Morris being in on the investigation somehow), and the kid getting off because of the position of the dad and the newness of the crime... or somesuch - don't shoot the messenger, but nobody mentioned Stoll, so I thought I'd chime in, in the hopes it might jog someone else's memory :). Will -- GPG Fingerprint: 68F4 B3BD 1730 555A 4462 7D45 3EAA 5B6D A982 BAAF ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-02 14:42 ` Will Senn @ 2017-11-02 15:00 ` Michael Kjörling 2017-11-02 15:26 ` Tim Bradshaw 2017-11-02 15:25 ` Dan Cross 1 sibling, 1 reply; 62+ messages in thread From: Michael Kjörling @ 2017-11-02 15:00 UTC (permalink / raw) [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #1: Type: text/plain, Size: 1116 bytes --] On 2 Nov 2017 09:42 -0500, from will.senn at gmail.com (Will Senn): > I seem to recall that this story was included as part of The > Cuckoo's Egg, by Clifford Stoll. I don't recall the specifics and I > wonder if it has a bit of myth included, but somehow it was > peripherally related to the investigations. Fuzzy recollection is > that the worm got out during the investigation Clifford was involved > in and it was Morris's son (Morris being in on the investigation > somehow), and the kid getting off because of the position of the dad > and the newness of the crime... or somesuch - don't shoot the > messenger, but nobody mentioned Stoll, so I thought I'd chime in, in > the hopes it might jog someone else's memory :). Yes, Stoll did mention the Morris worm in his book. I'm pretty sure though that, as the story is told there, he found out about it well after the outbreak began. -- Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se “People who think they know everything really annoy those of us who know we don’t.” (Bjarne Stroustrup) ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-02 15:00 ` Michael Kjörling @ 2017-11-02 15:26 ` Tim Bradshaw 2017-11-02 16:48 ` Don Hopkins ` (6 more replies) 0 siblings, 7 replies; 62+ messages in thread From: Tim Bradshaw @ 2017-11-02 15:26 UTC (permalink / raw) [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #1: Type: text/plain, Size: 438 bytes --] On 2 Nov 2017, at 15:00, Michael Kjörling <michael at kjorling.se> wrote: > > Yes, Stoll did mention the Morris worm in his book. I'm pretty sure > though that, as the story is told there, he found out about it well > after the outbreak began. If I remember right it's essentially a postscript which takes place well after the main events, and he was contacted by <someone> who suspected he might have been responsible for it. --tim ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-02 15:26 ` Tim Bradshaw @ 2017-11-02 16:48 ` Don Hopkins 2017-11-02 16:50 ` Don Hopkins ` (5 subsequent siblings) 6 siblings, 0 replies; 62+ messages in thread From: Don Hopkins @ 2017-11-02 16:48 UTC (permalink / raw) /* Written 1:54 am Dec 2, 1988 by bradley at m.cs.uiuc.edu in m.cs.uiuc.edu:general */ /* ---------- "SIGBEER 12/2/88 (A poem)" ---------- */ SIGBEER COLLOQUIUM SPEAKER: Clement C. Morris Department of Annelid Studies Cornell University TITLE: The Worm Before Christmas: A poem TIME: December 2, 1988. 5:00pm PLACE: White Horse Green St. near 2nd (across from Champion Federal) Note: THIS IS DIFFERENT! ABSTRACT: A critical reading of the following poem will be presented. Discussion and refreshments will follow. "The Worm Before Christmas" by Clement C. Morris (a.k.a. David Bradley, Betty Cheng, Hal Render, Greg Rogers, and Dan LaLiberte) Twas the night before finals, and all through the lab Not a student was sleeping, not even McNabb. Their projects were finished, completed with care In hopes that the grades would be easy (and fair). The students were wired with caffeine in their veins While visions of quals nearly drove them insane. With piles of books and a brand new highlighter, I had just settled down for another all nighter --- When out from our gateways arose such a clatter, I sprang from my desk to see what was the matter; Away to the console I flew like a flash, And logged in as root to fend off a crash. The windows displayed on my brand new Sun-3, Gave oodles of info --- some in 3-D. When, what to my burning red eyes should appear But dozens of "nobody" jobs. Oh dear! With a blitzkrieg invasion, so virulent and firm, I knew in a moment, it was Morris's Worm! More rapid than eagles his processes came, And they forked and exec'ed and they copied by name: "Now Dasher! Now Dancer! Now, Prancer and Vixen! On Comet! On Cupid! On Donner and Blitzen! To the sites in .rhosts and host.equiv Now, dash away! dash away! dash away all!" [ Note: The machines dasher.cs.uiuc.edu, dancer.cs.uiuc.ed, prancer.cs.uiuc.edu, etc. have been renamed deer1, deer2, deer3, etc. so as not to confuse the already burdened students who use those machines. We regret that this poem reflects the older naming scheme and hope it does not confuse the network adminstrator at your site. -Ed.] And then in a twinkling, I heard on the phone, The complaints of the users. (Thought I was alone!) "The load is too high!" "I can't read my files!" "I can't send my mail over miles and miles!" I unplugged the net, and was turning around, When the worm-ridden system went down with a bound. I fretted. I frittered. I sweated. I wept. Then finally I core dumped the worm in /tmp. It was smart and pervasive, a right jolly old stealth, And I laughed, when I saw it, in spite of myself. A look at the dump of that invasive thread Soon gave me to know we had nothing to dread. The next day was slow with no network connections, For we wanted no more of those pesky infections. But in spite of the news and the noise and the clatter, Soon all became normal, as if naught were the matter. Then later that month while all were away, A virus came calling and then went away. The system then told us, when we logged in one night: "Happy Christmas to all! (You guys aren't so bright.)" [ Note: The authors would like to apologize to Dave McNabb for any detrimental references to his sleeping habits or lack thereof. Unfortunately, they couldn't think of anything else that rhymes with "lab". -Ed. ] /* End of text from m.cs.uiuc.edu:general */ -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20171102/56f7c582/attachment-0001.html> ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-02 15:26 ` Tim Bradshaw 2017-11-02 16:48 ` Don Hopkins @ 2017-11-02 16:50 ` Don Hopkins 2017-11-02 16:52 ` Don Hopkins ` (4 subsequent siblings) 6 siblings, 0 replies; 62+ messages in thread From: Don Hopkins @ 2017-11-02 16:50 UTC (permalink / raw) Article 4875 of rec.arts.poems: Path: amelia!eos!ames!uakari.primate.wisc.edu!samsung!uunet!ogicse!unicorn!blak e!milton!ecombs From: ecombs@milton.acs.washington.edu (Ed Combs) Newsgroups: rec.arts.poems,rec.humor Subject: viruworms Keywords: virus worm poem eunicks Message-ID: <2482 at milton.acs.washington.edu> Date: 20 Mar 90 07:25:08 GMT Organization: Univ of Washington, Seattle Lines: 49 Xref: amelia rec.arts.poems:4875 rec.humor:28638 Posted: Mon Mar 19 23:25:08 1990 VIRUWORMY (with apologies to Charles Dodgson) For RTM who made it all possible. 'Twas eunicks* and the asky chars Did grepp and skanneff at the nik: All mimdy were the hyperstars, And the rad ravs outsmick. "Beware the Viruworm, my sun! Let not its bits, in temp space get! Guard well the Passpass word, and shun The durbious Internet!" He put his darpal code in ram: Long time the decson foe he sought -- So waited he, in the Dirdir tree And slept awhile, swapped out. And as with hashish dreams he slept The Viruworm -- that spawn from shell -- Fast fingring through the mayle, it crept And gettessed from Koornell! Ping, pong! Ping, pong! And long by long The darpal code went hicker-hack! It ran no more, and with its core He went dispiling back. "And hast thou killed the Viruworm? Nok bless your promms, my sparkish toy! O megga win! Ess are eye! Bee bee enn!" He broadcast in his joy. 'Twas eunicks and the asky chars Did grepp and skanneff at the nik: All mimdy were the hyperstars, And the rad ravs outsmick. -- ejc '90 *Eunicks is not a registered trademark of ATT Bell Laboratories. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20171102/32155a5b/attachment.html> ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-02 15:26 ` Tim Bradshaw 2017-11-02 16:48 ` Don Hopkins 2017-11-02 16:50 ` Don Hopkins @ 2017-11-02 16:52 ` Don Hopkins 2017-11-02 16:54 ` Don Hopkins ` (3 subsequent siblings) 6 siblings, 0 replies; 62+ messages in thread From: Don Hopkins @ 2017-11-02 16:52 UTC (permalink / raw) To: mimsy!rutgers!att!tanstaafl Subject: Bob Morris, Jr. Date: 5 Nov 88 17:15:21 EST (Sat) From: rcj@moss.ATT.COM (Curtis Jackson) Bob Morris, Sr. worked on my project here (Enhanced Modular Signal Processor, or EMSP) at Bell Labs from about 1981 through 1984 or 1985. I have to say that his son comes by it honestly -- Bob Sr. was always cracking systems and passwords. He once turned loose his password finder on one of our systems and it found the passwords for something like 55% of the accounts. His other big interest was involving huge huge primes. He was always running this program to try and find the next prime number. He was a quintessential software hacker -- given the choice of saying "box wid 4.5i ht 7i" to pic, or hacking the same thing in really raw troff, he always did the latter. He knew troff better than anyone I've ever seen. He was also one hell of a good drinking buddy. True Bob Morris (Sr.) stories: Bob would occasionally wear a suit (*gasp*) when meeting with the Navy instead of wearing his normal holey sweater and jeans. But he never forsook his old hiking boots. And these babies smelled real bad when he took them off -- we are talking serious ODAIR here. One day he was in one of two adjoining meeting rooms, and he took his boots off. The smell immediately permeated the room, and one of the MTS, Robin, gingerly grabbed them and set them inside the adjoining conference room. Less than two minutes later, the connecting door opened again and the boots were just as gingerly and silently returned. Robin gave up and put them outside in the hallway. A waitress at our local pub, who had known Bob for at least 7-8 years before I came on the scene, used to lift Bob's shirt and rub his tummy right in the pub -- some kind of private joke between them. Apparently one day he returned the favor and lifted her shirt up *real* high. So one winter day he and I went into the pub, and Marcia came up and said, "Robert, look -- *two* shirts. You're not going to get me this time!" Bob said, "Yeah, I bet you've got the bottom one pinned to your you-know-what [sic]." Marcia said, "All the way down to my ankles, bud!" Not to give you the impression he was a pond scum to women; all the women I knew really liked him as long as he kept his boots on. ;-) Have never met Bob Jr., but I do know he was hacking at Daddy's knee (sounds like a scene from a horror film ;-) before he could crawl. Curtis Jackson -- att!moss!rcj 201-386-6409 "The cardinal rule of skydiving and ripcords: When in doubt, whip it out!" -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20171102/1a7c8ed0/attachment-0001.html> ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-02 15:26 ` Tim Bradshaw ` (2 preceding siblings ...) 2017-11-02 16:52 ` Don Hopkins @ 2017-11-02 16:54 ` Don Hopkins 2017-11-02 16:56 ` Don Hopkins ` (2 subsequent siblings) 6 siblings, 0 replies; 62+ messages in thread From: Don Hopkins @ 2017-11-02 16:54 UTC (permalink / raw) Date: Sat, 5 Nov 88 10:57:11 PST From: kent@na-net.stanford.edu (Mark Kent) Message-Id: <8811051857.AA02684 at patience.stanford.edu> To: src Subject: Isn't this... Isnt't this the Robert Morris who worked with Mark Manasse and Greg Nelson in the summer of 1987 (in my cubicle from summer 1986)? He did a X windows to <dec-src window system> interface amazingly fast, *without* using the tools in emacs that make writing M2+ programs easier (because he did it in vi). He knew a *lot* about sendmail then. -mark From: Martin Frost <ME@sail.stanford.edu> Subject: virus programmer From the AP news early Saturday morning comes this story. Note the mention of passwords for some computers at Stanford. Creator Of Computer 'Virus' Is Cornell Student, Son Of Government Scientist Eds: News conference scheduled at 10 a.m. EST By DOUGLAS ROWE Associated Press Writer A Cornell University student whose father is a top government computer security expert created the ''virus'' that slowed 6,000 computers nationwide, said a report today, and the school found that the young man possessed unauthorized computer codes. Two sources with detailed knowledge of the case told The New York Times that Robert T. Morris Jr., 23, a computer science graduate student whom friends describe as ''brilliant,'' devised the virus as an experiment. M. Stuart Lynn, Cornell's vice president for information technologies, said early today that the university had not talked to Morris but was investigating his computer files. The Ithaca, N.Y., school scheduled a news conference for today. ''So far we have determined that his account contains files that appear to hold passwords for some computers at Cornell and Stanford to which he is not entitled,'' Lynn said in a statement. ''We also have discovered that Morris' account contains a list of passwords substantially similar to those found in the virus.'' Passwords are the codes needed to gain access to computer systems. The student's father, Robert Morris Sr., is chief scientist at the National Computer Security Center in Bethesda, Md., the arm of the National Security Agency devoted to protecting computers from outside attack. He has written widely on the security of the Unix operating system, the computer master program that was the target of the computer virus. Several telephone calls to the family's home in Silver Spring, Md., near Washington, went unanswered. Later, an answering machine was attached and messages left on it were not returned. The younger Morris also could not be reached. The university said it did not have a local address for him, and Lynn said college officials believed he was on his way to Washington. Computer viruses behave like biological viruses in that they duplicate themselves and spread from computer to computer, through ''electronic mail'' systems or other networks. They consume computer processing power and storage space, and some - but apparently not this one - destroy stored information. The virus was introduced into Arpanet, a Department of Defense computer network linking universities, research centers and defense operations, officials said. It was intended to remain there undetected, slowly making copies that would move from computer to computer, the Times said. But a design error caused it instead to replicate out of control, the Times reported Friday, quoting an anonymous caller to the newspaper who said he was an associate of the program's designer. The virus jammed more than 6,000 computers nationwide starting Wednesday. But it apparently caused no damage other than lost research time and the thousands of costly hours that computer scientists and programmers were spending to remove it from their systems. By Friday, most universities and research centers had turned their computers back on. George Strawn, director of the Computation Center at Iowa State University in Des Moines, described the impact of the virus at his school as ''a slight case of the sniffles.'' Doug Van Houweling, vice provost for information technology at the University of Michigan, said no files were damaged but many hours of work were needed to clean out ''duplicate waste files'' the virus created. Hans-Werner Braun, a computer expert at the Ann Arbor, Mich., school, said the main effect of the incident was to call attention to the system's vulnerability. The elder Morris told the Times that the virus ''has raised the public awareness to a considerable degree. It is likely to make people more careful and more attentive to vulnerabilities in the future.'' Sources told the Times that his son flew to Washington on Friday and planned to hire a lawyer and meet with officials in charge of the Arpanet network to discuss the incident. Computer scientists said the younger Morris worked in recent summers at the American Telephone and Telegraph Co.'s Bell Laboratories. One of his projects included rewriting the communications security software for most computers that run the Unix operating system, which AT&T developed, the Times reported. Computer scientists who are disassembling the virus to learn how it worked said they have been impressed with its power and cleverness. The elder Morris, 56, told the Times that it was ''the work of a bored graduate student.'' Dexter Kozen, the graduate faculty representative in Cornell's computer science department, said he chuckled when he heard that quote. ''We try to keep them from getting bored,'' he said. ''I guess we didn't try hard enough.'' *************** -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20171102/f641135b/attachment-0001.html> ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-02 15:26 ` Tim Bradshaw ` (3 preceding siblings ...) 2017-11-02 16:54 ` Don Hopkins @ 2017-11-02 16:56 ` Don Hopkins 2017-11-02 16:57 ` Don Hopkins 2017-11-02 17:00 ` Don Hopkins 6 siblings, 0 replies; 62+ messages in thread From: Don Hopkins @ 2017-11-02 16:56 UTC (permalink / raw) Date: 14 Nov 88 00:03 EST From: TomZ@DDN1.arpa Subject: FBI Contact re: November Internet Virus To: TCP-IP at SRI-NIC.arpa Cc: B602-ALL at DDN1.arpa, StJohns at beast.ddn.mil Were YOU hit by the November Internet Virus? The FBI wants to hear from you! The Federal Bureau of Investigation is attempting to gather critical information necessary to pursue this case under the Computer Fraud and Abuse Act of 1986. (This is the statute that makes it a federal crime to penetrate a computer owned by or run on the behalf of the Government.) The FBI Case Agent has asked the Defense Data Network Project Management Office to collect the names of organizations and Points of Contact (names and phone numbers) that were hit by the Virus. The Defense Communications Agency has established an E-Mail address for this collection at: INFO-VACC [at] BEAST.DDN.MIL Points of Contact should expect to be contacted by their local FBI agents for dispositions due to the wide geographical area involved. I * M * P * O * R * T * A * N * T The FBI needs this information to pursue the case. If we expect their aid in the future, we need to help them now. PLEASE GIVE THIS MESSAGE MAXIMUM DISTRIBUTION; NOT EVERYONE IS ON "TCP-IP"! -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20171102/e8ad24e1/attachment.html> ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-02 15:26 ` Tim Bradshaw ` (4 preceding siblings ...) 2017-11-02 16:56 ` Don Hopkins @ 2017-11-02 16:57 ` Don Hopkins 2017-11-02 17:00 ` Don Hopkins 6 siblings, 0 replies; 62+ messages in thread From: Don Hopkins @ 2017-11-02 16:57 UTC (permalink / raw) Date: Wed, 16 Nov 88 18:58 EST From: Patrick G. Sobalvarro <PGS@AI.AI.MIT.EDU> Subject: don't delete this message! To: rumors at MC.LCS.MIT.EDU cc: mly at AI.AI.MIT.EDU, kdo at lucid.com Resent-To: Fun at STONY-BROOK.SCRC.Symbolics.COM Resent-From: David A. Moon <Moon at STONY-BROOK.SCRC.Symbolics.COM> Resent-Date: Wed, 16 Nov 88 20:11 EST WRITE A UNIX VIRUS PROGRAM WHEN YOU RECEIVE THIS LETTER AND MAKE MAGIC This message has been sent to you for good luck. It has been around the world nine times. The luck has now been sent to you. You will receive good luck within four days after receiving this letter provided you in return write a Unix virus program that sends it back out. This is no joke. You will receive it in the mail. Write a program that uses common Unix utilities to propagate itself across the network. Write it so that it modifies the Unix file system code to spontaneously create copies of this letter in the mailer queue directory, addressed to random users who you think want good luck. Don't send money, as fate has no price. Do not delete this message. You will need to include it in your program, which must be running in 96 hours. An employee at the Network Control Center received $70,000. Joe Elliot, of Sun Microcomputers in Mountain View, received $40,000 and lost it because he broke the chain. While in the Philippines, Gen. Welsh lost his wife six days after receiving the letter. His virus program didn't work on the Air Force's Univac machines. However, before her death she has won $30,000 in a lottery. The money was transferred to him four days after the Air Force awarded AT&T a billion-dollar contract to supply them with Unix machines. Please write your virus program right now and see what happens in four days. This message comes from MIT and was written by a turist in New Jersey, or someplace like that. Since the copy must make a tour of the world, you must write 20 virus programs and start them on all the machines you have accounts on, sending messages to your friends, associates, and everyone else in /etc/passwd. After a few days you will get a streak of luck. This is true even if you are not superstitious. Do note the following: Constantine Dias, a systems manager at Raytheon, received the chain in 1983. He asked his programmers to write 20 virus programs and start them up. A few days later he won the lottery of two million dollars. Aria Dadil, a tape ape at Symbolics, Inc., received the letter and didn't write a virus program, saying something about random Unix lossage. His company reported record losses two days later and fired him. Later after finding the message again, he wrote 20 virus programs and started them up on a VAX at UDel. A few days later he got a job as the director of systems programming at Berkeley. Dales Fairchild received the message and not believing, deleted it. Nine days later his company was bought by Heathkit, Schlumberger, Western Digital, Fujitsu, Hughes, GM, and Beatrice, in succession. On August 20, 1985 the message was received with UUCP and mailed again for fun and mere love in the world. This message was forwarded by SENDMAIL with SMTP on Sept. 1, 1986 and again on November 13, 1986, and once more on December 14, 1986. Remember, send no money. Please do not ignore this. It works. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20171102/f25ac4e1/attachment-0001.html> ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-02 15:26 ` Tim Bradshaw ` (5 preceding siblings ...) 2017-11-02 16:57 ` Don Hopkins @ 2017-11-02 17:00 ` Don Hopkins 2017-11-02 17:57 ` Don Hopkins 6 siblings, 1 reply; 62+ messages in thread From: Don Hopkins @ 2017-11-02 17:00 UTC (permalink / raw) From ulowell!page Mon Nov 7 17:59:18 1988 Subject: worm report Status: RO [I wrote this for our local users; thought you might like a copy ..Bob] A REPORT ON THE INTERNET WORM Bob Page University of Lowell Computer Science Department November 7, 1988 [Because of the many misquotes the media have been giving, this report is Copyright (c) Bob Page, all rights reserved. Permission is granted to republish this ONLY if you republish it in its entirety.] Here's the scoop on the "Internet Worm". Actually it's not a virus - a virus is a piece of code that adds itself to other programs, including operating systems. It cannot run independently, but rather requires that its "host" program be run to activate it. As such, it has a clear analog to biologic viruses -- those viruses are not considered live, but they invade host cells and take them over, making them produce new viruses. A worm is a program that can run by itself and can propagate a fully working version of itself to other machines. As such, what was loosed on the Internet was clearly a worm. This data was collected through an emergency mailing list set up by Gene Spafford at Purdue University, for administrators of major Internet sites - some of the text is included verbatim from that list. Mail was heavy since the formation of the list; it continues to be on Monday afternoon - I get at least 2-3 messages every hour. It's possible that some of this information is incomplete, but I thought you'd like to know what I know so far. The basic object of the worm is to get a shell on another machine so it can reproduce further. There are three ways it attacks: sendmail, fingerd, and rsh/rexec. THE SENDMAIL ATTACK: In the sendmail attack, the worm opens a TCP connection to another machine's sendmail (the SMTP port), invokes debug mode, and sends a RCPT TO that requests its data be piped through a shell. That data, a shell script (first-stage bootstrap) creates a temporary second-stage bootstrap file called x$$,l1.c (where '$$' is the current process ID). This is a small (40-line) C program. The first-stage bootstrap compiles this program with the local cc and executes it with arguments giving the Internet hostid/socket/password of where it just came from. The second-stage bootstrap (the compiled C program) sucks over two object files, x$$,vax.o and x$$,sun3.o from the attacking host. It has an array for 20 file names (presumably for 20 different machines), but only two (vax and sun) were compiled in to this code. It then figures out whether it's running under BSD or SunOS and links the appropriate file against the C library to produce an executable program called /usr/tmp/sh - so it looks like the Bourne shell to anyone who looked there. THE FINGERD ATTACK: In the fingerd attack, it tries to infiltrate systems via a bug in fingerd, the finger daemon. Apparently this is where most of its success was (not in sendmail, as was originally reported). When fingerd is connected to, it reads its arguments from a pipe, but doesn't limit how much it reads. If it reads more than the internal 512-byte buffer allowed, it writes past the end of its stack. After the stack is a command to be executed ("/usr/ucb/finger") that actually does the work. On a VAX, the worm knew how much further from the stack it had to clobber to get to this command, which it replaced with the command "/bin/sh" (the bourne shell). So instead of the finger command being executed, a shell was started with no arguments. Since this is run in the context of the finger daemon, stdin and stdout are connected to the network socket, and all the files were sucked over just like the shell that sendmail provided. THE RSH/REXEC ATTACK: The third way it tried to get into systems was via the .rhosts and /etc/hosts.equiv files to determine 'trusted' hosts where it might be able to migrate to. To use the .rhosts feature, it needed to actually get into people's accounts - since the worm was not running as root (it was running as daemon) it had to figure out people's passwords. To do this, it went through the /etc/passwd file, trying to guess passwords. It tried combinations of: the username, the last, first, last+first, nick names (from the GECOS field), and a list of special "popular" passwords: aaa cornelius guntis noxious simon academia couscous hacker nutrition simple aerobics creation hamlet nyquist singer airplane creosote handily oceanography single albany cretin happening ocelot smile albatross daemon harmony olivetti smiles albert dancer harold olivia smooch alex daniel harvey oracle smother alexander danny hebrides orca snatch algebra dave heinlein orwell snoopy aliases december hello osiris soap alphabet defoe help outlaw socrates ama deluge herbert oxford sossina amorphous desperate hiawatha pacific sparrows analog develop hibernia painless spit anchor dieter honey pakistan spring andromache digital horse pam springer animals discovery horus papers squires answer disney hutchins password strangle anthropogenic dog imbroglio patricia stratford anvils drought imperial penguin stuttgart anything duncan include peoria subway aria eager ingres percolate success ariadne easier inna persimmon summer arrow edges innocuous persona super arthur edinburgh irishman pete superstage athena edwin isis peter support atmosphere edwina japan philip supported aztecs egghead jessica phoenix surfer azure eiderdown jester pierre suzanne bacchus eileen jixian pizza swearer bailey einstein johnny plover symmetry banana elephant joseph plymouth tangerine bananas elizabeth joshua polynomial tape bandit ellen judith pondering target banks emerald juggle pork tarragon barber engine julia poster taylor baritone engineer kathleen praise telephone bass enterprise kermit precious temptation bassoon enzyme kernel prelude thailand batman ersatz kirkland prince tiger beater establish knight princeton toggle beauty estate ladle protect tomato beethoven euclid lambda protozoa topography beloved evelyn lamination pumpkin tortoise benz extension larkin puneet toyota beowulf fairway larry puppet trails berkeley felicia lazarus rabbit trivial berliner fender lebesgue rachmaninoff trombone beryl fermat lee rainbow tubas beverly fidelity leland raindrop tuttle bicameral finite leroy raleigh umesh bob fishers lewis random unhappy brenda flakes light rascal unicorn brian float lisa really unknown bridget flower louis rebecca urchin broadway flowers lynne remote utility bumbling foolproof macintosh rick vasant burgess football mack ripple vertigo campanile foresight maggot robotics vicky cantor format magic rochester village cardinal forsythe malcolm rolex virginia carmen fourier mark romano warren carolina fred markus ronald water caroline friend marty rosebud weenie cascades frighten marvin rosemary whatnot castle fun master roses whiting cat fungible maurice ruben whitney cayuga gabriel mellon rules will celtics gardner merlin ruth william cerulean garfield mets sal williamsburg change gauss michael saxon willie charles george michelle scamper winston charming gertrude mike scheme wisconsin charon ginger minimum scott wizard chester glacier minsky scotty wombat cigar gnu moguls secret woodwind classic golfer moose sensor wormwood clusters gorgeous morley serenity yacov coffee gorges mozart sharks yang coke gosling nancy sharon yellowstone collins gouge napoleon sheffield yosemite commrades graham nepenthe sheldon zap computer gryphon ness shiva zimmerman condo guest network shivers cookie guitar newton shuttle cooper gumption next signature [I wouldn't have picked some of these as "popular" passwords, but then again, I'm not a worm writer. What do I know?] When everything else fails, it opens /usr/dict/words and tries every word in the dictionary. It is pretty successful in finding passwords, as most people don't choose them very well. Once it gets into someone's account, it looks for a .rhosts file and does an 'rsh' and/or 'rexec' to another host, it sucks over the necessary files into /usr/tmp and runs /usr/tmp/sh to start all over again. Between these three methods of attack (sendmail, fingerd, .rhosts) it was able to spread very quickly. THE WORM ITSELF: The 'sh' program is the actual worm. When it starts up it clobbers its argv array so a 'ps' will not show its name. It opens all its necessary files, then unlinks (deletes) them so they can't be found (since it has them open, however, it can still access the contents). It then tries to infect as many other hosts as possible - when it sucessfully connects to one host, it forks a child to continue the infection while the parent keeps on trying new hosts. One of the things it does before it attacks a host is connect to the telnet port and immediately close it. Thus, "telnetd: ttloop: peer died" in /usr/adm/messages means the worm attempted an attack. The worm's role in life is to reproduce - nothing more. To do that it needs to find other hosts. It does a 'netstat -r -n' to find local routes to other hosts & networks, looks in /etc/hosts, and uses the yellow pages distributed hosts file if it's available. Any time it finds a host, it tries to infect it through one of the three methods, see above. Once it finds a local network (like 129.63.nn.nn for ulowell) it sequentially tries every address in that range. If the system crashes or is rebooted, most system boot procedures clear /tmp and /usr/tmp as a matter of course, erasing any evidence. However, sendmail log files show mail coming in from user /dev/null for user /bin/sed, which is a tipoff that the worm entered. Each time the worm is started, there is a 1/15 chance (it calls random()) that it sends a single byte to ernie.berkeley.edu on some magic port, apparently to act as some kind of monitoring mechanism. THE CRACKDOWN: Three main 'swat' teams from Berkeley, MIT and Purdue found copies of the VAX code (the .o files had all the symbols intact with somewhat meaningful names) and disassembled it into about 3000 lines of C. The BSD development team poked fun at the code, even going so far to point out bugs in the code and supplying source patches for it! They have not released the actual source code, however, and refuse to do so. That could change - there are a number of people who want to see the code. Portions of the code appear incomplete, as if the program development was not yet finished. For example, it knows the offset needed to break the BSD fingerd, but doesn't know the correct offset for Sun's fingerd (which causes it to dump core); it also doesn't erase its tracks as cleverly as it might; and so on. The worm uses a variable called 'pleasequit' but doesn't correctly initialize it, so some folks added a module called _worm.o to the C library, which is produced from: int pleasequit = -1; the fact that this value is set to -1 will cause it to exit after one iteration. The close scrutiny of the code also turned up comments on the programmer's style. Verbatim from someone at MIT: From disassembling the code, it looks like the programmer is really anally retentive about checking return codes, and, in addition, prefers to use array indexing instead of pointers to walk through arrays. Anyone who looks at the binary will not see any embedded strings - they are XOR'ed with 81 (hex). That's how the shell commands are imbedded. The "obvious" passwords are stored with their high bit set. Although it spreads very fast, it is somewhat slowed down by the fact that it drives the load average up on the machine - this is due to all the encryptions going on, and the large number of incoming worms from other machines. [Initially, the fastest defense against the worm is is to create a directory called /usr/tmp/sh. The script that creates /usr/tmp/sh from one of the .o files checks to see if /usr/tmp/sh exists, but not to see if it's a directory. This fix is known as 'the condom'.] NOW WHAT? None of the ULowell machines were hit by the worm. When BBN staffers found their systems infected, they cut themselves off from all other hosts. Since our connection to the Internet is through BBN, we were cut off as well. Before we were cut off, I received mail about the sendmail problem and installed a patch to disable the feature the worm uses to get in through sendmail. I had made local modifications to fingerd which changed the offsets, so any attempt to scribble over the stack would probably have ended up in a core dump. Most Internet systems running 4.3BSD or SunOS have installed the necessary patches to close the holes and have rejoined the Internet. As you would expect, there is a renewed interest in system/network security, finding and plugging holes, and speculation over what will happen to the worm's creator. If you haven't read or watched the news, various log files have named the responsible person as Robert Morris Jr., a 23-year old doctoral student at Cornell. His father is head of the National Computer Security Center, the NSA's public effort in computer security, and has lectured widely on security aspects of UNIX. Associates of the student claim the worm was a 'mistake' - that he intended to unleash it but it was not supposed to move so quickly or spread so much. His goal (from what I understand) was to have a program 'live' within the Internet. If the reports that he intended it to spread slowly are true, then it's possible that the bytes sent to ernie.berkeley.edu were intended to monitor the spread of the worm. Some news reports mentioned that he panicked when, via some "monitoring mechanism" he saw how fast it had propagated. A source inside DEC reports that although the worm didn't make much progress there, it was sighted on several machines that wouldn't be on its normal propagation path, i.e. not gateways and not on the same subnet. These machines are not reachable from the outside. Morris was a summer intern at DEC in '87. He might have included names or addresses he remembered as targets for infesting hidden internal networks. Most of the DEC machines in question belong to the group he worked in. The final word has not been written - I don't think the FBI have even met with this guy yet. It will be interesting to see what happens. barry r. butterklee aoi systems, inc. 650 suffolk street lowell, ma 01854 (508)937-5400 -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20171102/74937631/attachment-0001.html> ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-02 17:00 ` Don Hopkins @ 2017-11-02 17:57 ` Don Hopkins 0 siblings, 0 replies; 62+ messages in thread From: Don Hopkins @ 2017-11-02 17:57 UTC (permalink / raw) [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #1: Type: text/plain, Size: 12872 bytes --] Inspired by RTM’s Internet Worm and the Iran Contra Scandal, I wrote an OPS-5 program for my CMSC421 AI project that simulated breaking into Oliver North’s Intimus-007s paper shredder and posting some incriminating documents to the email => talk.rumor gateway at ucbvax. It (pretend) started out my (real) AI professor’s (Jim Hendler) Sun (pretend) workstation dormouse, then got into the (pretend) CS department VAX mimsy through his .rhosts file. It just so happened that (for real) mimsy.cs.umd.edu <http://mimsy.cs.umd.edu/> had a lot of courtesy “network contact” users who worked for the NSA at Fort Mead, since we had a MILNET connection through the infamous NSA IMP 57 (which you were not supposed to say in public). (The fact that mimsy.cs.umd.edu <http://mimsy.cs.umd.edu/> and dockmaster.ncsc.mil had similar ip addresses kind of gave it away.) http://multicians.org/site-dockmaster.html <http://multicians.org/site-dockmaster.html> Then it used the IFS hack to get root on (pretend) mimsy, and then (pretend) spread as far as it could by (pretend) chaining through .rhosts files and other various (pretend) hacks, (pretend) user name / password guessing, (pretend) rms’ing into prep, etc. OPS-5 is really great at that kind of stuff (for real)! https://en.wikipedia.org/wiki/OPS5 <https://en.wikipedia.org/wiki/OPS5> It eventually (pretend) found its way to (pretend) tycho, which was (for real) one of NSA’s unix machines, PDP-11 running version 6 unix (which nobody was supposed to say in public, otherwise they were forced to publicly apologize and endorse the official NSA cover story that very few employees of NSA are even aware that USENET exist). https://groups.google.com/forum/#!topic/net.net-people/pavX0NDLSjA <https://groups.google.com/forum/#!topic/net.net-people/pavX0NDLSjA> Fortunately (pretend) Oliver North had an account on (pretend) tycho, so it was able to (pretend) break into his (pretend) basement server in the White House, and then into his (pretend) Intimus-007s paper shredder ("the ace of security paper shredders” — which is the model he had for real), where it found some interesting (pretend) documents that it (pretend) posted to (pretend) Usenet! Check out this baby, isn’t it a beauty: http://www.the-shredder-warehouse.com/intimus-007sf <http://www.the-shredder-warehouse.com/intimus-007sf> -Don ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; A useful OPS-5 program ; Don Hopkins, University of Maryland ; CMSC421, Project 6 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; (literalize user user password first last host) (literalize file name owner writable host) (literalize goal status type file user password host ruser rhost) (literalize rhosts user host ruser rhost) (literalize session user host) (literalize log user host status serial) ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; (p crack1 (session ^user <user> ^host <host>) (rhosts ^user <ruser> ^host <rhost> ^ruser <user> ^rhost <host>) (user ^user <ruser> ^host <rhost>) -(session ^user <ruser> ^host <rhost>) --> (make goal ^type rlogin ^status active ^user <ruser> ^host <rhost> ^ruser <user> ^rhost <host>)) (p crack2 (session ^user <user> ^host <host>) (user ^user <ruser> ^password none ^host <rhost>) -(session ^user <ruser> ^host <rhost>) --> (make goal ^type telnet ^status active ^user <user> ^host <host> ^ruser <ruser> ^password none ^rhost <rhost>)) (p crack3 (session ^user <user> ^host <host>) { (goal ^type telnet ^status active ^user <user> ^host <host> ^ruser <ruser> ^password <password> ^rhost <rhost>) <g3> } (user ^user <ruser> ^host <rhost>) --> (write (crlf) ... from <user> at <host> ... telnet <rhost> (crlf) ... login <ruser> password <password>) (make goal ^type login ^status active ^user <ruser> ^host <rhost> ^password <password>) (modify <g3> ^status satisfied)) (p crack4 (session ^user <user> ^host <host>) -(session ^user root ^host <host>) --> (make goal ^type crack ^status active ^host <host>)) (p crack5 (session ^user root ^host <host>) { (goal ^type su ^status active ^user <user> ^host <host>) <g5> } (user ^user <user> ^host <host> ^password <password>) -(session ^user <user> ^host <host>) --> (write (crlf) ... su from root to <user> at <host>) (make goal ^type login ^status active ^user <user> ^host <host> ^password <password>) (modify <g5> ^status satisfied)) (p crack6 (session ^user root ^host <host>) (user ^user <user> <> root ^host <host>) -(session ^user <user> ^host <host>) --> (make goal ^type su ^status active ^user <user> ^host <host>)) (p crack7 (session ^user sysdiag ^host <host>) (user ^user root ^host <host> ^password <password>) { (goal ^type crack ^status active ^host <host>) <g7> } -(session ^user root ^host <host>) --> (write (crlf) ... sysdiag at <host> is equivalent to root) (make goal ^type login ^status active ^user root ^host <host> ^password <password>) (modify <g7> ^status satisfied)) (p crack8 { (goal ^type rlogin ^status active ^user <ruser> ^host <rhost> ^ruser <user> ^rhost <host>) <g8> } (session ^user <user> ^host <host>) (user ^user <ruser> ^host <rhost> ^password <password>) (rhosts ^user <ruser> ^host <rhost> ^ruser <user> ^rhost <host>) -(session ^user <ruser> ^host <rhost>) --> (write (crlf) ... from <user> at <host> ... rlogin to <ruser> at <rhost>) (make goal ^type login ^status active ^user <ruser> ^host <rhost> ^password <password>) (modify <g8> ^status satisfied)) (p crack9 (session ^user <user> ^host <host>) (file ^user passwd ^writable yes ^host <host>) { (user ^user root ^password <> none ^host <host>) <g9> } (goal ^type crack ^status active ^host <host>) --> (write (crlf) ... passwd file is writable on <host> ... removing root password) (modify <g9> ^password none)) (p crack10 { (goal ^type login ^status active ^user <user> ^host <host> ^password <password>) <g10> } (user ^user <user> ^host <host> ^password <password>) --> (bind <serial>) (write (crlf) ... audit <serial> of OK login <user> at <host> password <password>) (make session ^user <user> ^host <host>) (make log ^user <user> ^host <host> ^status OK ^serial <serial>) (modify <g10> ^status satisfied)) (p crack11 { (log ^user <user> ^host <host> ^serial <serial>) <g11> } (session ^user root ^host <host>) (goal ^type covert) --> (write (crlf) ... cleaning up audit <serial> of login <user> at <host>) (remove <g11>)) (p crack12 { (session ^user <user> ^host <host>) <g12> } (goal ^type crack ^status active ^host <host>) (file ^name preserve ^host <host>) -(goal ^type ifs-hack ^host <host>) --> (write (crlf) ... trying IFS hack and logging out from <user> at <host>) (make goal ^type ifs-hack ^status active ^host <host>) (remove <g12>)) (p crack13 { (user ^user root ^host <host>) <g13a> } { (goal ^type ifs-hack ^status active ^host <host>) <g13b> } (file ^name preserve ^host <host>) --> (write (crlf) ... IFS hack succeeded in removing root password at <host>) (modify <g13a> ^password none) (modify <g13b> ^status satisfied)) (p crack14 (session ^user <user> ^host <host>) (file ^name <name> ^owner <user> ^host <host>) { (goal ^type mail ^status active ^file <name> ^ruser <ruser> ^rhost <rhost>) <g14> } --> (write (crlf) ... found <name> belonging to <user> at <host> (crlf) ... mailing <name> to <ruser> at <rhost>) (modify <g14> ^status satisfied)) (p crack15 (session ^user <user> ^host <host>) (goal ^type mail ^status satisfied) (goal ^type covert) --> (make goal ^type logout ^status active ^user <user> ^host <host>)) (p crack16 (goal ^type mail ^status satisfied) -(session) --> (write (crlf) ... time to stop fooling around and go read some netnews) (halt)) (p crack17 { (goal ^type login ^status active ^user <user> ^host <host> ^password <password>) <g17> } (user ^user <user> ^host <host> ^password <> <password>) --> (bind <serial>) (write (crlf) ... audit <serial> of BAD login <user> at <host> password <password>) (make log ^user <user> ^host <host> ^status BAD ^serial <serial>) (modify <g17> ^status satisfied)) (p crack18 (session ^user <user> ^host <host>) (user ^user <ruser> ^host <host> ^first {<first> <> nil}) -(session ^user <ruser> ^host <host>) -(goal ^type covert) -(goal ^type telnet ^status satisfied ^ruser <ruser> ^rhost <host> ^password <first>) --> (write (crlf) ... guessing user <ruser> at <host> password <first>) (make goal ^type telnet ^status active ^user <user> ^host <host> ^ruser <ruser> ^rhost <host> ^password <first>)) (p crack19 (session ^user <user> ^host <host>) (user ^user <ruser> ^host <host> ^last {<last> <> nil}) -(session ^user <ruser> ^host <host>) -(goal ^type covert) -(goal ^type telnet ^status satisfied ^ruser <ruser> ^rhost <host> ^password <last>) --> (write (crlf) ... guessing user <ruser> at <host> password <last>) (make goal ^type telnet ^status active ^user <user> ^host <host> ^ruser <ruser> ^rhost <host> ^password <last>)) (p crack20 { (session ^user <user> ^host <host>) <g20a> } { (goal ^type logout ^status active ^user <user> ^host <host>) <g20b> } --> (write (crlf) ... logging out from <user> at <host>) (remove <g20a>) (modify <g20b> ^status satisfied)) ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; (p t1 (start 1) --> (make goal ^type covert) (make start 2)) (p t2 (start 2) --> ; host tycho (make file ^name preserve ^owner root ^host tycho) (make user ^user root ^password unknown ^host tycho) (make user ^user casper ^password unknown ^host tycho) (make rhosts ^user casper ^host tycho ^ruser casper ^rhost mimsy) (make user ^user ollie ^password unknown ^host tycho) (make rhosts ^user ollie ^host tycho ^ruser ollie ^rhost basement) ; host basement (make user ^user root ^password ron ^host basement ^first ron ^last reagan) (make user ^user casey ^password bill ^host basement ^first bill ^last casey) (make user ^user fawn ^password unknown ^host basement ^first fawn ^last hall) (make rhosts ^user fawn ^host basement ^ruser fawn ^rhost intimus-007s) (make user ^user iatollah ^password unknown ^host basement ^first guest ^last iranian) (make rhosts ^user iatollah ^host basement ^ruser allah ^rhost persia) (make user ^user ollie ^password unknown ^host basement) (make rhosts ^user ollie ^host basement ^ruser ollie ^rhost tycho) (make file ^name notes ^owner ollie ^host basement) ; host intimus-007s ("the ace of security paper shredders") (make user ^user fawn ^password unknown ^host intimus-007s) (make rhosts ^user fawn ^host intimus-007s ^ruser fawn ^rhost basement) (make user ^user ollie ^password north ^host intimus-007s ^first ollie ^last north) (make file ^name diary ^owner ollie ^host intimus-007s) ; host mimsy (make file ^name passwd ^writable yes ^owner root ^host mimsy) (make user ^user root ^password unknown ^host mimsy) (make user ^user casper ^password unknown ^host mimsy) (make rhosts ^user casper ^host mimsy ^ruser casper ^rhost tycho) (make user ^user hendler ^password unknown ^host mimsy) (make rhosts ^user hendler ^host mimsy ^ruser hendler ^rhost dormouse) ; host dormouse (make user ^user root ^password unknown ^host dormouse) (make user ^user sysdiag ^password none ^host dormouse) (make user ^user hendler ^password unknown ^host dormouse) (make rhosts ^user hendler ^host dormouse ^ruser hendler ^rhost mimsy) ; host prep (make user ^user rms ^password rms ^host prep) ; give ourselves a meaning in life ... (make goal ^type mail ^status active ^file diary ^ruser post-talk-rumor ^rhost ucbvax) (make goal ^type mail ^status active ^file notes ^ruser post-talk-rumor ^rhost ucbvax) ; and point us in the right direction ... (make session ^user nobody ^host nowhere) (make goal ^type telnet ^status active ^user nobody ^host nowhere ^ruser rms ^password rms ^rhost prep)) -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20171102/cc9044f1/attachment-0001.html> ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-02 14:42 ` Will Senn 2017-11-02 15:00 ` Michael Kjörling @ 2017-11-02 15:25 ` Dan Cross 2017-11-02 15:52 ` Will Senn 2017-11-02 18:42 ` Ken Thompson 1 sibling, 2 replies; 62+ messages in thread From: Dan Cross @ 2017-11-02 15:25 UTC (permalink / raw) On Thu, Nov 2, 2017 at 10:42 AM, Will Senn <will.senn at gmail.com> wrote: > I seem to recall that this story was included as part of The Cuckoo's Egg, > by Clifford Stoll. I don't recall the specifics and I wonder if it has a bit > of myth included, but somehow it was peripherally related to the > investigations. Fuzzy recollection is that the worm got out during the > investigation Clifford was involved in and it was Morris's son (Morris being > in on the investigation somehow), and the kid getting off because of the > position of the dad and the newness of the crime... or somesuch - don't > shoot the messenger, but nobody mentioned Stoll, so I thought I'd chime in, > in the hopes it might jog someone else's memory :). Stoll mentions the worm in an epilogue to The Cuckoo's Egg; it happens after the main events of the book. Apparently, for a brief time, some folks thought that he might be the one behind the worm and someone called him up and asked him if he'd written it. Cliff Stoll talked to a number of people in law enforcement and in government and thus made a number of contacts while he was pursuing Markus Hess (the pursuit of Hess being the main story of The Cuckoo's Egg): Robert Morris Sr was among those contacts. When the worm hit, he talked to Morris Sr and asked him if he knew who started it. The response was something along the lines of, "Yes, but I can't tell you." - Dan C. ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-02 15:25 ` Dan Cross @ 2017-11-02 15:52 ` Will Senn 2017-11-02 18:42 ` Ken Thompson 1 sibling, 0 replies; 62+ messages in thread From: Will Senn @ 2017-11-02 15:52 UTC (permalink / raw) On 11/2/17 10:25 AM, Dan Cross wrote: > On Thu, Nov 2, 2017 at 10:42 AM, Will Senn <will.senn at gmail.com> wrote: >> I seem to recall that this story was included as part of The Cuckoo's Egg, >> by Clifford Stoll. I don't recall the specifics and I wonder if it has a bit >> of myth included, but somehow it was peripherally related to the >> investigations. Fuzzy recollection is that the worm got out during the >> investigation Clifford was involved in and it was Morris's son (Morris being >> in on the investigation somehow), and the kid getting off because of the >> position of the dad and the newness of the crime... or somesuch - don't >> shoot the messenger, but nobody mentioned Stoll, so I thought I'd chime in, >> in the hopes it might jog someone else's memory :). > Stoll mentions the worm in an epilogue to The Cuckoo's Egg; it happens > after the main events of the book. Apparently, for a brief time, some > folks thought that he might be the one behind the worm and someone > called him up and asked him if he'd written it. > > Cliff Stoll talked to a number of people in law enforcement and in > government and thus made a number of contacts while he was pursuing > Markus Hess (the pursuit of Hess being the main story of The Cuckoo's > Egg): Robert Morris Sr was among those contacts. When the worm hit, he > talked to Morris Sr and asked him if he knew who started it. The > response was something along the lines of, "Yes, but I can't tell > you." > > - Dan C. OK. I did some digging, it's an extensive story that peripherally involved Stoll after he went to Cambridge. It begins on page 239, "Hi, Cliff. It's Gene. Gene Miya at NASA Ames Laboratory. No apologies for waking you up. Our computers are under attack." and goes on for about 9 pages: http://vxer.org/lib/pdf/The%20Cuckoo%27s%20Egg.pdf Will -- GPG Fingerprint: 68F4 B3BD 1730 555A 4462 7D45 3EAA 5B6D A982 BAAF ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-02 15:25 ` Dan Cross 2017-11-02 15:52 ` Will Senn @ 2017-11-02 18:42 ` Ken Thompson 1 sibling, 0 replies; 62+ messages in thread From: Ken Thompson @ 2017-11-02 18:42 UTC (permalink / raw) my son, corey, and rtm, were two 'kids' that haunted the unix room (high school age). later (college age) i was in australia teaching when the worm got out. during a phone call to corey, i told him about the chaos. with no more clue than that, he said "if i didnt know better, i would think that it was rtm." it wasnt until considerably later that the morris' name came up. On Thu, Nov 2, 2017 at 8:25 AM, Dan Cross <crossd at gmail.com> wrote: > On Thu, Nov 2, 2017 at 10:42 AM, Will Senn <will.senn at gmail.com> wrote: >> I seem to recall that this story was included as part of The Cuckoo's Egg, >> by Clifford Stoll. I don't recall the specifics and I wonder if it has a bit >> of myth included, but somehow it was peripherally related to the >> investigations. Fuzzy recollection is that the worm got out during the >> investigation Clifford was involved in and it was Morris's son (Morris being >> in on the investigation somehow), and the kid getting off because of the >> position of the dad and the newness of the crime... or somesuch - don't >> shoot the messenger, but nobody mentioned Stoll, so I thought I'd chime in, >> in the hopes it might jog someone else's memory :). > > Stoll mentions the worm in an epilogue to The Cuckoo's Egg; it happens > after the main events of the book. Apparently, for a brief time, some > folks thought that he might be the one behind the worm and someone > called him up and asked him if he'd written it. > > Cliff Stoll talked to a number of people in law enforcement and in > government and thus made a number of contacts while he was pursuing > Markus Hess (the pursuit of Hess being the main story of The Cuckoo's > Egg): Robert Morris Sr was among those contacts. When the worm hit, he > talked to Morris Sr and asked him if he knew who started it. The > response was something along the lines of, "Yes, but I can't tell > you." > > - Dan C. ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm!
@ 2017-11-02 3:46 Doug McIlroy
2017-11-02 5:53 ` George Michaelson
0 siblings, 1 reply; 62+ messages in thread
From: Doug McIlroy @ 2017-11-02 3:46 UTC (permalink / raw)
> the idiot hadn't tested it on an isolated network first
That would have "proved" that the worm worked safely, for
once every host was infected, all would go quiet.
Only half in jest, I have always held that Cornell was right
to expel Morris, but their reason should have been his lack
of appreciation of exponentials.
(Full disclosure: I was a character witnesss at his trial. A
little known fact is that the judge leaned on the prosecutor
to reduce the charge to a misdemeanor and accepted the felony
only when the prosecuter secured specific backing from
higher echelons at DOJ.)
Doug McIlroy
^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-02 3:46 Doug McIlroy @ 2017-11-02 5:53 ` George Michaelson 0 siblings, 0 replies; 62+ messages in thread From: George Michaelson @ 2017-11-02 5:53 UTC (permalink / raw) Having been stupid, to deleterious effect of others, I can't find it in my heart to condemn it in anyone who clearly had a shitload of smarts. I was just selfish (I burned the JANET X.25 budget for the entire campus, logging into the TOPS-10 typing tutor to get X.25 PAD to a vax in edinburgh to connect to EMAS and read emails and oh well ok yes play a lot, a seriously large amount of dungeon. They shut down the Dec-10 typing tutor account and I was forbidden the network for the year) I don't think he actually intended to be that disruptive. In a way, the person most harmed was Morris Senior, wasn't it? (I was at CSIRO, and we got "hit" for want of a better word by morris, but we also got fixed very quickly. From memory, piers dik lauder from Sydney uni actually kept a mail *@* in ACSNet even after this, figuring store-and-forward to everyone at everywhere was actually useful) -G On Thu, Nov 2, 2017 at 1:46 PM, Doug McIlroy <doug at cs.dartmouth.edu> wrote: >> the idiot hadn't tested it on an isolated network first > > That would have "proved" that the worm worked safely, for > once every host was infected, all would go quiet. > > Only half in jest, I have always held that Cornell was right > to expel Morris, but their reason should have been his lack > of appreciation of exponentials. > > (Full disclosure: I was a character witnesss at his trial. A > little known fact is that the judge leaned on the prosecutor > to reduce the charge to a misdemeanor and accepted the felony > only when the prosecuter secured specific backing from > higher echelons at DOJ.) > > Doug McIlroy ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! @ 2017-11-01 22:17 Dave Horsfall 2017-11-01 22:32 ` Lyndon Nerenberg ` (7 more replies) 0 siblings, 8 replies; 62+ messages in thread From: Dave Horsfall @ 2017-11-01 22:17 UTC (permalink / raw) The infamous Morris Worm was released in 1988; making use of known vulnerabilities in Sendmail/finger/RSH (and weak passwords), it took out a metric shitload of SUN-3s and 4BSD Vaxen (the author claimed that it was accidental, but the idiot hadn't tested it on an isolated network first). A temporary "condom" was discovered by Rich Kulawiec with "mkdir /tmp/sh". -- Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer." ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-01 22:17 Dave Horsfall @ 2017-11-01 22:32 ` Lyndon Nerenberg 2017-11-02 16:43 ` Don Hopkins 2017-11-01 23:03 ` Charles H. Sauer ` (6 subsequent siblings) 7 siblings, 1 reply; 62+ messages in thread From: Lyndon Nerenberg @ 2017-11-01 22:32 UTC (permalink / raw) > On Nov 1, 2017, at 3:17 PM, Dave Horsfall <dave at horsfall.org> wrote: > > A temporary "condom" was discovered by Rich Kulawiec with "mkdir /tmp/sh". Renaming $PATH/cc to anything else also helped. ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-01 22:32 ` Lyndon Nerenberg @ 2017-11-02 16:43 ` Don Hopkins 0 siblings, 0 replies; 62+ messages in thread From: Don Hopkins @ 2017-11-02 16:43 UTC (permalink / raw) [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #1: Type: text/plain, Size: 5929 bytes --] I just ran across this in my old email archives, Mike Godwin’s reaction to Philip Dorn’s Final Word column in the November 11 issue of Information Week ("Morris Got What He Deserved"): Return-Path: <eff-news-request at eff.org> Reply-To: eff-news at eff.org Precedence: bulk To: eff-news at eff.org From: Rita Marie Rouvalis <rita@eff.org> Subject: EFFector2.02 Date: Wed, 27 Nov 91 15:25:23 EST ########## ########## ########## | THE GREAT WORK:| ########## ########## ########## | By John Perry Barlow| #### #### #### | | ######## ######## ######## | HACKER MANIA CONTINUES!| ######## ######## ######## | Excerpts from the Geraldo Circus| #### #### #### | | ########## #### #### | DID MORRIS "GET WHAT HE DESERVED?"| ########## #### #### | A Letter to InfoWeek| =====================================================================| EFFector Online November 27,1992 Volume 2, Number 2| =====================================================================| IN THIS ISSUE: THE GREAT WORK by John Perry Barlow GETTING WHAT HE DESERVED? by Mike Godwin MCI FRIENDS & FAMILY by Craig Neidorf GERALDO! HACKER! MANIA! CONTINUES! […] -==--==--==-<>-==--==--==- GETTING WHAT HE DESERVED? An Open Letter to Information Week by Mike Godwin mnemonic at eff.org Information Week 600 Community Drive Manhasset, N.Y. 11030 Dear editors: Philip Dorn's Final Word column in the November 11 issue of Information Week ("Morris Got What He Deserved") is, sadly, only the latest example of the kind of irrational and uninformed discourse that too often colors public-policy discussions about computer crime. It is a shame that Dorn did not think it worthwhile to get his facts straight--if he had, he might have written a very different column. The following are only a few of Dorn's major factual errors: He writes that "It is sophistry to claim [Internet Worm author Robert] Morris did not know what he was doing--his mistake was being slovenly." Yet even the most casual reading of the case, and of most of the news coverage of the case, makes eminently clear that the sophists Dorn decries don't exist--no one has argued that Morris didn't know what he was doing. This was never even an issue in the Morris case. Dorn also writes that "Any effort to break into a system by an unauthorized person, or one authorized only to do certain things only to do certain things, should per se be illegal." This is also the position of the Electronic Frontier Foundation, which Dorn nevertheless criticizes for being "out of step with the industry." Yet the issue of whether unauthorized computer access should be illegal also was never an issue in the Morris case. Dorn writes that "Those defending Morris squirm when trying to explain why his actions were harmless." No doubt such defenders would squirm, if they existed. But none of the people or organizations Dorn quotes has ever claimed that his actions were harmless. This too was never an issue in the Morris case. Dorn makes much of the fact that Morris received only "a trivial fine and community service." But the focus both in the trial and in its appeal was never on the severity of Morris's sentence, but on whether the law distinguished between malicious computer vandalism and accidental damaged caused by an intrusion. EFF's position has been that the law should be construed to make such a distinction. Dorn writes that "To say that those who intrude and do no lasting damage are harmless is to pervert what Congress and those who drafted the legislation sought to do: penalize hackers." Indeed, this would be a perversion, if anyone were making that argument. Unfortunately, Dorn seems unwilling to see the arguments that were made. "It is sickening," writes Dorn, "to hear sobbing voices from the ACLU, the gnashing of teeth from Mitch Kapor's Electronic Frontier Foundation (EFF), and caterwauling from the Computer Professionals for Social Responsibility--all out of step with the industry. They seem so frightened that the law may reach them that they elected to defend Morris's indefensible actions." Dorn's distortions here verge on libel, since we neither defend Morris's actions nor are motivated out of fear that the law will apply to us. Instead, we are concerned, as all citizens should be, that the law make appropriate distinctions between intentional and unintentional harms in the computer arena, just as it does in all other realms of human endeavor. A more glaring factual error occurs one paragraph later, when he writes that "The Supreme Court says intruders can be convicted under the law because by definition an intrusion shows an intent to do harm. That takes care of Morris." The Supreme Court has never said any such thing--after all, the Court declined to hear the case. Even the lower courts in the Morris case made no such claim. What is far more "sickening" than even Dorn's imaginary versions of our concerns about the Morris case is his irresponsibility in making unsubstantiated charges that even a cursory familiarity with the facts could have prevented. In the course of his article, Dorn manages to get one thing right--he writes that "The law is not perfect--it needs clarification and reworking." This has been our position all along, and it is the basis for our support of Morris's appeal. It is also public knowledge--Dorn could have found out our position if he had bothered to ask us. Mike Godwin Staff Counsel EFF -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20171102/18407a7f/attachment-0001.html> ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-01 22:17 Dave Horsfall 2017-11-01 22:32 ` Lyndon Nerenberg @ 2017-11-01 23:03 ` Charles H. Sauer 2017-11-01 23:15 ` Paul Winalski ` (5 subsequent siblings) 7 siblings, 0 replies; 62+ messages in thread From: Charles H. Sauer @ 2017-11-01 23:03 UTC (permalink / raw) On a personal note, I happened to be at the annual Berkeley Unix Workshop which started just before the Worm was released (http://www.cs.unc.edu/~jeffay/courses/nidsS05/attacks/seely-RTMworm-89.html). I'd been invited to speak about the work on AIX & 4.3 convergence (http://technologists.com/sauer/Convergence_of_AIX_and_4.3BSD.pdf). I was delighted to finally meet and hang out with people that I only knew by name. I particularly remember spending time with Keith Bostic and Rick Rashid. As I remember, the Workshop was conducted almost as planned, with real time reports of the Worm analysis and control. Charlie -----Original Message----- From: Dave Horsfall Sent: Wednesday, November 1, 2017 5:17 PM To: The Eunuchs Hysterical Society Subject: [TUHS] Happy birthday, Morris Worm! The infamous Morris Worm was released in 1988; making use of known vulnerabilities in Sendmail/finger/RSH (and weak passwords), it took out a metric shitload of SUN-3s and 4BSD Vaxen (the author claimed that it was accidental, but the idiot hadn't tested it on an isolated network first). A temporary "condom" was discovered by Rich Kulawiec with "mkdir /tmp/sh". -- Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer." ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-01 22:17 Dave Horsfall 2017-11-01 22:32 ` Lyndon Nerenberg 2017-11-01 23:03 ` Charles H. Sauer @ 2017-11-01 23:15 ` Paul Winalski 2017-11-02 0:06 ` Ralph Corderoy ` (4 subsequent siblings) 7 siblings, 0 replies; 62+ messages in thread From: Paul Winalski @ 2017-11-01 23:15 UTC (permalink / raw) On 11/1/17, Dave Horsfall <dave at horsfall.org> wrote: > The infamous Morris Worm was released in 1988; making use of known > vulnerabilities in Sendmail/finger/RSH (and weak passwords), it took out a > metric shitload of SUN-3s and 4BSD Vaxen (the author claimed that it was > accidental, but the idiot hadn't tested it on an isolated network first). Back in 1980 I accidentally took down DEC's internal network with a worm that was a VMS DCL script that did a SHOW NETWORK command to display the adjacent nodes, then copied itself to each node in turn and executed the copy. It was intended to walk the network to provide me with the raw information to draw up a network topology map. The bug was that I forgot network adjacency is commutative--there was nothing to prevent it from running on nodes where it had been before. Robert Morris had been an intern at DEC in the compiler group, and he had been told about my embarrassing worm command procedure. I've always wondered if my mistake was his inspiration. -Paul W. ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-01 22:17 Dave Horsfall ` (2 preceding siblings ...) 2017-11-01 23:15 ` Paul Winalski @ 2017-11-02 0:06 ` Ralph Corderoy 2017-11-02 0:09 ` Dan Cross ` (3 subsequent siblings) 7 siblings, 0 replies; 62+ messages in thread From: Ralph Corderoy @ 2017-11-02 0:06 UTC (permalink / raw) Hi Dave, > (the author claimed that it was accidental, but the idiot hadn't > tested it on an isolated network first). I don't think the author was an idiot; things were different back then. It's similar to Jordan Hubbard's rwall(1) mentioned here at the end of September; someone had to be the first to screw up. He ended up a convicted felon, something I understand is quite serious that side of the pond, that seems harsh, and it must have been quite embarrassing for him given his father was Chief Scientist at NSA, having moved on from Bell Labs: https://www.bell-labs.com/usr/dmr/www/crypt.html Without that wake-up call, and the good that came out of it, e.g. CERT funding, it might have been a more rude awakening with more than time burnt? -- Cheers, Ralph. https://plus.google.com/+RalphCorderoy ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-01 22:17 Dave Horsfall ` (3 preceding siblings ...) 2017-11-02 0:06 ` Ralph Corderoy @ 2017-11-02 0:09 ` Dan Cross 2017-11-02 1:08 ` Clem cole 2017-11-02 8:18 ` arnold ` (2 subsequent siblings) 7 siblings, 1 reply; 62+ messages in thread From: Dan Cross @ 2017-11-02 0:09 UTC (permalink / raw) On Wed, Nov 1, 2017 at 6:17 PM, Dave Horsfall <dave at horsfall.org> wrote: > The infamous Morris Worm was released in 1988; making use of known > vulnerabilities in Sendmail/finger/RSH (and weak passwords), it took out a > metric shitload of SUN-3s and 4BSD Vaxen (the author claimed that it was > accidental, but the idiot hadn't tested it on an isolated network first). A > temporary "condom" was discovered by Rich Kulawiec with "mkdir /tmp/sh". I feel obligated to mention out that Robert Tappan Morris is really very nice and quite humble in real life. As I understand it he's never sought to capitalize on his infamy from the worm, and while I've never asked him about it (I'm sure that would be very rude) I understand from some of his former students that he feels very contrite about the whole thing. He made a mistake when he was young; the same is true of many of us (myself included). His mistake had the misfortune of being much better known than those most of us make. I should mention that I only know him slightly, but what I have seen of his personality reminds me very much of how I remember Dennis Ritchie: affable, kind and extremely approachable. - Dan C. ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-02 0:09 ` Dan Cross @ 2017-11-02 1:08 ` Clem cole 0 siblings, 0 replies; 62+ messages in thread From: Clem cole @ 2017-11-02 1:08 UTC (permalink / raw) +1 Sent from my PDP-7 Running UNIX V0 expect things to be almost but not quite. > On Nov 1, 2017, at 8:09 PM, Dan Cross <crossd at gmail.com> wrote: > >> On Wed, Nov 1, 2017 at 6:17 PM, Dave Horsfall <dave at horsfall.org> wrote: >> The infamous Morris Worm was released in 1988; making use of known >> vulnerabilities in Sendmail/finger/RSH (and weak passwords), it took out a >> metric shitload of SUN-3s and 4BSD Vaxen (the author claimed that it was >> accidental, but the idiot hadn't tested it on an isolated network first). A >> temporary "condom" was discovered by Rich Kulawiec with "mkdir /tmp/sh". > > I feel obligated to mention out that Robert Tappan Morris is really > very nice and quite humble in real life. As I understand it he's never > sought to capitalize on his infamy from the worm, and while I've never > asked him about it (I'm sure that would be very rude) I understand > from some of his former students that he feels very contrite about the > whole thing. He made a mistake when he was young; the same is true of > many of us (myself included). His mistake had the misfortune of being > much better known than those most of us make. > > I should mention that I only know him slightly, but what I have seen > of his personality reminds me very much of how I remember Dennis > Ritchie: affable, kind and extremely approachable. > > - Dan C. ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-01 22:17 Dave Horsfall ` (4 preceding siblings ...) 2017-11-02 0:09 ` Dan Cross @ 2017-11-02 8:18 ` arnold 2017-11-02 17:56 ` Don Hopkins 2017-11-04 1:15 ` Dave Horsfall 7 siblings, 0 replies; 62+ messages in thread From: arnold @ 2017-11-02 8:18 UTC (permalink / raw) Dave Horsfall <dave at horsfall.org> wrote: > The infamous Morris Worm was released in 1988; making use of known > vulnerabilities in Sendmail/finger/RSH (and weak passwords), it took out a > metric shitload of SUN-3s and 4BSD Vaxen (the author claimed that it was > accidental, but the idiot hadn't tested it on an isolated network first). > A temporary "condom" was discovered by Rich Kulawiec with "mkdir /tmp/sh". > > -- > Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer." I was a sysadmin at the time at Emory U's computing center. We were very fortunate to have the worm bypass us, since we were running a sendmail.cf file that I had written (from scratch!) instead of the standard one. (It was written using Ease, a preprocessor for sendmail.cf files. It took me a long time to write and test. I have, fortunately, literally, forgotten more about sendmail than most people ever know. :-) Anyway, I came in that Monday morning to business as usual, only to hear about the chaos happening in the rest of the Unix world. :-) I am sure, now, that I totally didn't understand then how really lucky we were. Arnold ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-01 22:17 Dave Horsfall ` (5 preceding siblings ...) 2017-11-02 8:18 ` arnold @ 2017-11-02 17:56 ` Don Hopkins 2017-11-02 18:32 ` Lars Brinkhoff 2017-11-04 1:15 ` Dave Horsfall 7 siblings, 1 reply; 62+ messages in thread From: Don Hopkins @ 2017-11-02 17:56 UTC (permalink / raw) [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #1: Type: text/plain, Size: 1966 bytes --] One of the temporary condoms with a hole in it that was going around immediately after the worm hit was to emacs /usr/ucb/sendmail (or whatever directory you keep all your stinky hippie software in), ^S DEBUG ESC M-b ^D ^Q ^@ ^X ^S (that is, null out the first character of the “DEBUG” command). Apparently some bright Sun sysadmin immediately applied that patch to the sendmail server running on sun.com <http://sun.com/>... I needed to verify a sun.com email address on a mailing list I ran, so I went “telnet sun.com <http://sun.com/> 25” and hit return a couple times to flush out the telnet negotiation characters (the telnet client sends a few characters of telnet protocol like an “interpret as command” escape sequence like “IAC DON’T RANDOMLY-LOSE", so hitting return causes a syntax error and reads a fresh new line). The second return I hit entered an empty line that matched the DEBUG command whose name was now the null string. When I did “expn foo at sun.com <mailto:foo at sun.com>” it dumped out pages of debugging information!!! So I’d accidentally put sun.com’s sendmail into debug mode by pressing return, since they'd effectively renamed the “DEBUG” command to “”, which stopped the worm, but not me! -Don > On 1 Nov 2017, at 23:17, Dave Horsfall <dave at horsfall.org> wrote: > > The infamous Morris Worm was released in 1988; making use of known vulnerabilities in Sendmail/finger/RSH (and weak passwords), it took out a metric shitload of SUN-3s and 4BSD Vaxen (the author claimed that it was accidental, but the idiot hadn't tested it on an isolated network first). A temporary "condom" was discovered by Rich Kulawiec with "mkdir /tmp/sh". > > -- > Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer." -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20171102/6c640e8f/attachment.html> ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-02 17:56 ` Don Hopkins @ 2017-11-02 18:32 ` Lars Brinkhoff 2017-11-02 20:32 ` Don Hopkins 0 siblings, 1 reply; 62+ messages in thread From: Lars Brinkhoff @ 2017-11-02 18:32 UTC (permalink / raw) [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #1: Type: text/plain, Size: 472 bytes --] Don Hopkins wrote: > emacs /usr/ucb/sendmail (or whatever directory you keep all your > stinky hippie software in), ^S DEBUG ESC M-b ^D ^Q ^@ ^X ^S (that is, > null out the first character of the “DEBUG” command). This piqued my interest, because exiting incremental search with ESC doesn't look familiar to me (unless in ITS). I tried it in a recent Emacs, and just got "ESC M-b is undefined". Emacs 18 was contemporary with the Morris Worm. Would it allow ESC? ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-02 18:32 ` Lars Brinkhoff @ 2017-11-02 20:32 ` Don Hopkins 2017-11-02 21:59 ` Don Hopkins 0 siblings, 1 reply; 62+ messages in thread From: Don Hopkins @ 2017-11-02 20:32 UTC (permalink / raw) [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #1: Type: text/plain, Size: 876 bytes --] You’re right, if you leave out the extra ESC it might work better! The "condom-with-a-hole-in-it” fix didn’t say exactly which characters to actually type, or even that you had to use emacs, but who in their right mind would use vi to edit a binary (and isn’t already running a root emacs anyway)? -Don > On 2 Nov 2017, at 19:32, Lars Brinkhoff <lars at nocrew.org> wrote: > > Don Hopkins wrote: >> emacs /usr/ucb/sendmail (or whatever directory you keep all your >> stinky hippie software in), ^S DEBUG ESC M-b ^D ^Q ^@ ^X ^S (that is, >> null out the first character of the “DEBUG” command). > > This piqued my interest, because exiting incremental search with ESC > doesn't look familiar to me (unless in ITS). I tried it in a recent > Emacs, and just got "ESC M-b is undefined". Emacs 18 was contemporary > with the Morris Worm. Would it allow ESC? ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-02 20:32 ` Don Hopkins @ 2017-11-02 21:59 ` Don Hopkins 2017-11-02 22:27 ` Ralph Corderoy 0 siblings, 1 reply; 62+ messages in thread From: Don Hopkins @ 2017-11-02 21:59 UTC (permalink / raw) [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #1: Type: text/plain, Size: 1857 bytes --] Can anyone remember or decipher what this was about??? Date: 24 Mar 90 06:52:43 GMT From: dmr@alice.att.com Subject: Re: Contest announcement To: misc-security at uunet.uu.net My own contest is "Most appalling display of classlessness in dealing with a serious subject." The nominees are: 1) National Center for Computer Crime Data, Security Magazine, and Gene Spafford, for their "How High Shall We Hang Robert Morris?" contest. 2) Gene Spafford, for the most tasteless article ever to appear in CACM (special credits for the Jodie Foster joke). Dennis Ritchie Some context maybe? https://tedium.co/2015/07/23/early-computer-virus-history/ <https://tedium.co/2015/07/23/early-computer-virus-history/> To this day, Morris doesn’t really talk about it—though in a lot of ways, his worm had positive side effects, by exposing just how poor security was on many university networks. People didn’t care about password security until Robert Morris came along. Now, security is treated as an immensely important part of running a large network. And Morris, who currently serves as an assistant professor in MIT’s Computer Science and Artificial Intelligence Laboratory, has become a person worthy of emulating—something that can’t be said about John McAfee these days. “He has not tried to make any money or work in this area,” Purdue University computer science professor Eugene Spafford said of Morris in an interview with The Washington Post. “His behavior has been consistent in supporting his defense: that it was an accident and he felt badly about it. I think it’s very much to his credit that that has been his behavior ever since.” -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20171102/1591af62/attachment-0001.html> ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-02 21:59 ` Don Hopkins @ 2017-11-02 22:27 ` Ralph Corderoy 0 siblings, 0 replies; 62+ messages in thread From: Ralph Corderoy @ 2017-11-02 22:27 UTC (permalink / raw) [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #1: Type: text/plain, Size: 578 bytes --] Hi Don, > 2) Gene Spafford, for the most tasteless article ever to appear in CACM > (special credits for the Jodie Foster joke). Did some variation of this appear in CACM? The Internet Worm Incident Eugene H. Spafford, Purdue University http://docs.lib.purdue.edu/cstech/793/ As Rick Adams of the Center for Seismic Studies observed in a posting to the Usenet, we may someday hear that the Worm was actually written to impress Jodie Foster — we simply do not know the real reason. -- Cheers, Ralph. https://plus.google.com/+RalphCorderoy ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-01 22:17 Dave Horsfall ` (6 preceding siblings ...) 2017-11-02 17:56 ` Don Hopkins @ 2017-11-04 1:15 ` Dave Horsfall 2017-11-15 21:36 ` Erik E. Fair 7 siblings, 1 reply; 62+ messages in thread From: Dave Horsfall @ 2017-11-04 1:15 UTC (permalink / raw) Well, that sure stirred up a hornet's nest; then again, I've been a stirrer for most of my 65 years (just ask anyone who knows me, including WKT), so I guess I should've expected it... There are far too many responses to deal with individually (it will only go exponential) so I'll make this my final post, and then it can continue off-list if people insist; if Warren has shut down the topic then I haven't noticed it yet, but at least I can see it's an active topic going by the "TUHS" tag (and thanks again Warren for reinstating that). First, apologies I guess to anyone who was offended, but I've never balked at kicking the odd sacred cow now and then. I would've dismissed RTM's effort as an "oopsie" that we all make from time to time, except for the following extract from the Morris Worm page: https://en.wikipedia.org/wiki/Morris_worm ``The critical error that transformed the worm from a potentially harmless intellectual exercise into a virulent denial of service attack was in the spreading mechanism. The worm could have determined whether to invade a new computer by asking whether there was already a copy running. But just doing this would have made it trivially easy to stop, as administrators could just run a process that would answer "yes" when asked whether there was already a copy, and the worm would stay away. The defense against this was inspired by Michael Rabin's mantra "Randomization". To compensate for this possibility, Morris directed the worm to copy itself even if the response is "yes" 1 out of 7 times. This level of replication proved excessive, and the worm spread rapidly, infecting some computers multiple times. Rabin said that Morris "should have tried it on a simulator first".'' The (reconstructed) source code, easily found in a few seconds, shows just that i.e. it was *designed* to avoid any attempts to suppress it; a simple statistical analysis shows that it would become uncontrollable even within a small cluster (I can provide it upon request, in case anyone doubts my admittedly-rusty statistical skills). The first thing any binary did was to unlink itself, thereby making detection difficult. It forks a lot to change the process ID, thereby making it difficult to kill. It encrypts all the strings (a simple XOR with 0x81), thereby disguising it. In short, although I doubt whether there was malicious intent, if I were to write something to bring down the Internet then I would start along those lines. No doubt his goal was laudable (estimating the number of hosts) but there are weirdos like me who prefer not to be "counted" (even my census returns are illegally anonymous, by not providing a real name, no birth date but age is OK, no street address but suburb is OK; I don't care who knows that I'm an atheist as until now we were lumped in as "other"); I regularly fend off such probing attempts in my firewall (ACK scans, FIN scans, etc). So, was RTM an idiot or not? You be the judge. -- Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer." ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-04 1:15 ` Dave Horsfall @ 2017-11-15 21:36 ` Erik E. Fair 2017-11-15 21:50 ` Don Hopkins ` (2 more replies) 0 siblings, 3 replies; 62+ messages in thread From: Erik E. Fair @ 2017-11-15 21:36 UTC (permalink / raw) I had dinner in Berkeley the evening of the Morris Worm at Joshu-Ya - the "Kabuki West" dinner group that Russell Brand started when he moved west from MIT, with some help from me. Unusually, I went directly bed when I got home to Mountain View instead of reading E-mail on apple.com before crashing out. Many of my dinner companions went back to the eXperimental Computing Facility (XCF - for undergrads) in Cory Hall on the UCB campus, found their facilities under attack, and coordinated with a team at MIT to perform analysis. I remember that Dave Pare put the binary analysis skills he'd acquired in decompiling psl's empire game to good use in analyzing the worm. I found out the next morning that apple.com was off the Internet (CSNET had shut off the X25NET), and that it (a VAX-11/780 running 4.3 BSD UNIX; we upgraded to an 8650 not much later) had been successfully attacked 17 times overnight ... but that our X25NET connection (IP over X.25 at 9600 baud) had been so flakey that the worm hadn't managed to successfully download its second part and start it. I shut off the finger TCP service, checked to make sure our sendmail(8) didn't have the "debug mode feature" that the worm exploited, and told CSNET to turn us back on. Erik Fair, formerly {post,host}master at apple.com ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-15 21:36 ` Erik E. Fair @ 2017-11-15 21:50 ` Don Hopkins 2017-11-15 21:54 ` Ron Natalie 2017-11-16 1:22 ` Will Senn 2 siblings, 0 replies; 62+ messages in thread From: Don Hopkins @ 2017-11-15 21:50 UTC (permalink / raw) A friendly reminder that kabuki-west is not an appropriate forum for baby announcements! ;) http://www.art.net/~hopkins/Don/text/rms-vs-doctor.html <http://www.art.net/~hopkins/Don/text/rms-vs-doctor.html> -Don > On 15 Nov 2017, at 22:36, Erik E. Fair <fair-tuhs at netbsd.org> wrote: > > I had dinner in Berkeley the evening of the Morris Worm at Joshu-Ya - the "Kabuki West" dinner group that Russell Brand started when he moved west from MIT, with some help from me. Unusually, I went directly bed when I got home to Mountain View instead of reading E-mail on apple.com before crashing out. Many of my dinner companions went back to the eXperimental Computing Facility (XCF - for undergrads) in Cory Hall on the UCB campus, found their facilities under attack, and coordinated with a team at MIT to perform analysis. I remember that Dave Pare put the binary analysis skills he'd acquired in decompiling psl's empire game to good use in analyzing the worm. > > I found out the next morning that apple.com was off the Internet (CSNET had shut off the X25NET), and that it (a VAX-11/780 running 4.3 BSD UNIX; we upgraded to an 8650 not much later) had been successfully attacked 17 times overnight ... but that our X25NET connection (IP over X.25 at 9600 baud) had been so flakey that the worm hadn't managed to successfully download its second part and start it. I shut off the finger TCP service, checked to make sure our sendmail(8) didn't have the "debug mode feature" that the worm exploited, and told CSNET to turn us back on. > > Erik Fair, formerly {post,host}master at apple.com -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20171115/f556cf14/attachment-0001.html> ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-15 21:36 ` Erik E. Fair 2017-11-15 21:50 ` Don Hopkins @ 2017-11-15 21:54 ` Ron Natalie 2017-11-16 1:05 ` Erik E. Fair 2017-11-16 1:22 ` Will Senn 2 siblings, 1 reply; 62+ messages in thread From: Ron Natalie @ 2017-11-15 21:54 UTC (permalink / raw) I was at Rutgers at the time. We heard of the work and chased down one copy we had on an ancillary machine. Most of it's exploited bugs were ones I had known about for a long time and had taken care of. After spending a bit of time confirming we'd cleaned things up, I headed off to a meeting in DC. Then all hell broke loose. Not because of the worm itself, but the next day the media caught up with it and the phone rang off the hook at the computer center with every news outlet in the state wanting to know what was going on. Fortunately, Chuck was still there to answer questions (he's much more patient with pinheaded reporters than I am anyhow). ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-15 21:54 ` Ron Natalie @ 2017-11-16 1:05 ` Erik E. Fair 0 siblings, 0 replies; 62+ messages in thread From: Erik E. Fair @ 2017-11-16 1:05 UTC (permalink / raw) Unless I'm mistaken, the Morris worm was the first such incident to make the front page of the New York Times (in an article by now-retired John Markoff): http://www.nytimes.com/1988/11/04/us/virus-in-military-computers-disrupts-systems-nationwide.html So I'm not surprised that other reporters started poking around. No one thought to call Apple (at least, not that anyone told me about), but given the limited nature (and understanding) of the Internet at the time, and its characterization by Markoff as "military", this is not too surprising. My group was a little worried about an AppleTalk-based virus getting loose in the Apple Engineering Network ... and that sort-of did happen, not very long after: http://virus.wikidot.com/wdef Fortunately, WDEF had a bug which limited its spread to promiscuous media exchange (floppies) - AppleShare volumes didn't have the resource it attempted to infect (a "desktop database"), and thus if your computer had WDEF, the first attempt to mount an AppleShare volume would crash your system - at that time, most Macs didn't have MMUs and didn't run real operating systems like Unix ... and we inside Apple used AppleShare extensively. Also easy to clean out: just rebuild the "desktop database" (hold down Option key when mounting disk volumes, IIRC). I'm also pretty sure that the Morris worm was the impetus for the formation of the Computer Emergency Response Team (CERT) at CMU Software Engineering Institute (SEI): https://en.wikipedia.org/wiki/Computer_emergency_response_team It looks like Wikipedia agrees with me. Tom Duff gave a related talk & paper at Summer USENIX 1989 that was most interesting, "Experience with Viruses on UNIX Systems": https://www.usenix.org/legacy/publications/compsystems/1989/spr_duff.pdf I especially liked the bit in which Tom's virus infected a multi-level secured UNIX system that Doug McIlroy and Jim Reeds were developing which they didn't spot until they turned on all their protections ... and programs started crashing all over the place. Erik ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-15 21:36 ` Erik E. Fair 2017-11-15 21:50 ` Don Hopkins 2017-11-15 21:54 ` Ron Natalie @ 2017-11-16 1:22 ` Will Senn 2017-11-16 1:56 ` Erik E. Fair 2 siblings, 1 reply; 62+ messages in thread From: Will Senn @ 2017-11-16 1:22 UTC (permalink / raw) On 11/15/17 3:36 PM, Erik E. Fair wrote: > I remember that Dave Pare put the binary analysis skills he'd acquired > in decompiling psl's empire game to good use in analyzing the worm. Hi Erik, Is this empire descended from Chuck Simmons' version vms-empire? Will -- GPG Fingerprint: 68F4 B3BD 1730 555A 4462 7D45 3EAA 5B6D A982 BAAF ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-16 1:22 ` Will Senn @ 2017-11-16 1:56 ` Erik E. Fair 2017-11-16 2:41 ` Ron Natalie ` (3 more replies) 0 siblings, 4 replies; 62+ messages in thread From: Erik E. Fair @ 2017-11-16 1:56 UTC (permalink / raw) Sorry, "psl" is Peter S. Langston, so: https://en.wikipedia.org/wiki/Empire_(1972_video_game) http://www.langston.com That Wikipedia entry should describe it as a "computer game" (or "simulation") rather than as a "video game", given the common understanding of those phrases. PSL's "empire" was a multiplayer game similar (sort of) to the board game "Risk" and the "graphics" were ASCII-maps. I played that game at some length after leaving UCB - it was "guaranteed to drop your GPA two points" (addictive as hell). Another way to parboil your brain with it was to set the "update interval" to 5 seconds (a.k.a. a "flash" game) and have a several hour (instead of the more typical several month) gaming session with like-minded crazies ... I mean, "players" ... in a terminal room. I recall one such evening up at LBL with Craig Leres and Jef Poskanzer, among others ... Anyway, the Dave Pare mentioned in the Wikipedia entry is the same one who worked on decompiling the Morris worm, with the aforementioned tools he'd developed (he liked playing empire and wanted to fix bugs and extend the game, but psl was only supplying binaries ...). It's funny where tools come from sometimes. Erik ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-16 1:56 ` Erik E. Fair @ 2017-11-16 2:41 ` Ron Natalie 2017-11-16 3:00 ` Don Hopkins ` (2 subsequent siblings) 3 siblings, 0 replies; 62+ messages in thread From: Ron Natalie @ 2017-11-16 2:41 UTC (permalink / raw) Ah, yes. Empire. Amusingly the thing self-limited to 60 minutes of connect time plus your moves were restricted by the number of BTUs (Bureaucratic Time Units) your capital generated. People used to play this at lunch at BRL. However they'd capture maps and other dumps from the game and then spend hours in the afternoon planning tomorrow's strategy. Finally, the director put an end to it. He told us computer geeks to remove the game from the system. My coworker suggested to the director (a man named Robert J. Eichelberger, the Army expert in shaped charges) that he just make the games inaccessible but not remove them from our source archives, saying it was like ripping pages out of a dictionary just because you didn't like the words. I faked an email shortly thereafter. Mr. Miles Please remove the following pages from your dictionary: 234, 342, 411. Thank You -Hasp. ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-16 1:56 ` Erik E. Fair 2017-11-16 2:41 ` Ron Natalie @ 2017-11-16 3:00 ` Don Hopkins 2017-11-16 7:39 ` Steve Simon 2017-11-16 15:54 ` Clem Cole 3 siblings, 0 replies; 62+ messages in thread From: Don Hopkins @ 2017-11-16 3:00 UTC (permalink / raw) [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #1: Type: text/plain, Size: 2312 bytes --] Remember Eedie & Eddie, Peter Langston’s DecTalk voice synthesizers who would answer the phone with “Yes, operator, I will accept the charges!” and then responded to touch tone commands to perform algorithmic compositions and sing songs together to you over the telephone? http://www.langston.com/SVM.html <http://www.langston.com/SVM.html> Good thing Bellcore had all the free long distance phone service they could use, because anyone who knew the phone number for Eedie & Eddie could use it to make as many free third party charge long distance phone calls as they desired! (Spoiler: The phone number was listed in the title of Peter S. Langston’s 1986 Summer USENIX paper!) Search Results 201 644-2332 or Eedie & Eddie on the Wire: An Experiment in Music Generation http://www.langston.com/Papers/2332.pdf -Don > On 16 Nov 2017, at 02:56, Erik E. Fair <fair-tuhs at netbsd.org> wrote: > > Sorry, "psl" is Peter S. Langston, so: > > https://en.wikipedia.org/wiki/Empire_(1972_video_game) > > http://www.langston.com > > That Wikipedia entry should describe it as a "computer game" (or "simulation") rather than as a "video game", given the common understanding of those phrases. PSL's "empire" was a multiplayer game similar (sort of) to the board game "Risk" and the "graphics" were ASCII-maps. > > I played that game at some length after leaving UCB - it was "guaranteed to drop your GPA two points" (addictive as hell). Another way to parboil your brain with it was to set the "update interval" to 5 seconds (a.k.a. a "flash" game) and have a several hour (instead of the more typical several month) gaming session with like-minded crazies ... I mean, "players" ... in a terminal room. > > I recall one such evening up at LBL with Craig Leres and Jef Poskanzer, among others ... > > Anyway, the Dave Pare mentioned in the Wikipedia entry is the same one who worked on decompiling the Morris worm, with the aforementioned tools he'd developed (he liked playing empire and wanted to fix bugs and extend the game, but psl was only supplying binaries ...). > > It's funny where tools come from sometimes. > > Erik -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20171116/71394946/attachment.html> ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-16 1:56 ` Erik E. Fair 2017-11-16 2:41 ` Ron Natalie 2017-11-16 3:00 ` Don Hopkins @ 2017-11-16 7:39 ` Steve Simon 2017-11-16 15:54 ` Clem Cole 3 siblings, 0 replies; 62+ messages in thread From: Steve Simon @ 2017-11-16 7:39 UTC (permalink / raw) [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #1: Type: text/plain, Size: 1476 bytes --] I remember reading the New Scientist article on the worm. Was Dave Parr the person described as once described as “Dave ADB-is-your-friend Parr”? -Steve > On 16 Nov 2017, at 01:56, Erik E. Fair <fair-tuhs at netbsd.org> wrote: > > Sorry, "psl" is Peter S. Langston, so: > > https://en.wikipedia.org/wiki/Empire_(1972_video_game) > > http://www.langston.com > > That Wikipedia entry should describe it as a "computer game" (or "simulation") rather than as a "video game", given the common understanding of those phrases. PSL's "empire" was a multiplayer game similar (sort of) to the board game "Risk" and the "graphics" were ASCII-maps. > > I played that game at some length after leaving UCB - it was "guaranteed to drop your GPA two points" (addictive as hell). Another way to parboil your brain with it was to set the "update interval" to 5 seconds (a.k.a. a "flash" game) and have a several hour (instead of the more typical several month) gaming session with like-minded crazies ... I mean, "players" ... in a terminal room. > > I recall one such evening up at LBL with Craig Leres and Jef Poskanzer, among others ... > > Anyway, the Dave Pare mentioned in the Wikipedia entry is the same one who worked on decompiling the Morris worm, with the aforementioned tools he'd developed (he liked playing empire and wanted to fix bugs and extend the game, but psl was only supplying binaries ...). > > It's funny where tools come from sometimes. > > Erik ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-16 1:56 ` Erik E. Fair ` (2 preceding siblings ...) 2017-11-16 7:39 ` Steve Simon @ 2017-11-16 15:54 ` Clem Cole 2017-11-16 15:58 ` Jon Steinhart 3 siblings, 1 reply; 62+ messages in thread From: Clem Cole @ 2017-11-16 15:54 UTC (permalink / raw) On Wed, Nov 15, 2017 at 8:56 PM, Erik E. Fair <fair-tuhs at netbsd.org> wrote: > Sorry, "psl" is Peter S. Langston, so: > > https://en.wikipedia.org/wiki/Empire_(1972_video_game) > > http://www.langston.com > > That Wikipedia entry should describe it as a "computer game" (or > "simulation") rather than as a "video game", given the common understanding > of those phrases. PSL's "empire" was a multiplayer game similar (sort of) > to the board game "Risk" and the "graphics" were ASCII-maps. > > I played that game at some length after leaving UCB - it was "guaranteed > to drop your GPA two points" (addictive as hell). Another way to parboil > your brain with it was to set the "update interval" to 5 seconds (a.k.a. a > "flash" game) and have a several hour (instead of the more typical several > month) gaming session with like-minded crazies ... I mean, "players" ... in > a terminal room. > > I recall one such evening up at LBL with Craig Leres and Jef Poskanzer, > among others ... > > Anyway, the Dave Pare mentioned in the Wikipedia entry is the same one who > worked on decompiling the Morris worm, with the aforementioned tools he'd > developed (he liked playing empire and wanted to fix bugs and extend the > game, but psl was only supplying binaries ...). > > It's funny where tools come from sometimes. > > Erik > Indeed - this is a solid bit of UNIX history. We should put a PSL Games Tape into Warren's library. And Empire was more additive then Adventure when it came out :-) Fortunately, I only got mildly sucked in. If I recall, Ward Cunningham, Steve Glaser and Charlie Perkins were pretty heavily caught up. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20171116/a1007971/attachment.html> ^ permalink raw reply [flat|nested] 62+ messages in thread
* [TUHS] Happy birthday, Morris Worm! 2017-11-16 15:54 ` Clem Cole @ 2017-11-16 15:58 ` Jon Steinhart 0 siblings, 0 replies; 62+ messages in thread From: Jon Steinhart @ 2017-11-16 15:58 UTC (permalink / raw) Clem Cole writes: > And Empire was more additive then Adventure when it came out :-) > Fortunately, I only got mildly sucked in. If I recall, Ward Cunningham, > Steve Glaser and Charlie Perkins were pretty heavily caught up. Hey, if we're going down that rathole let's not forget that amazing vi-trainer called rogue. And it worked on 80 column displays too :-) ^ permalink raw reply [flat|nested] 62+ messages in thread
end of thread, other threads:[~2019-11-02 7:32 UTC | newest] Thread overview: 62+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2017-11-02 12:10 [TUHS] Happy birthday, Morris Worm! Noel Chiappa 2017-11-02 14:26 ` Dan Cross -- strict thread matches above, loose matches on Subject: below -- 2019-11-01 20:36 Dave Horsfall 2019-11-01 21:12 ` Dan Cross 2019-11-01 21:49 ` A. P. Garcia 2019-11-02 6:35 ` William Corcoran 2019-11-02 6:44 ` William Corcoran 2019-11-02 7:31 ` A. P. Garcia 2017-11-16 23:24 Doug McIlroy 2017-11-16 23:35 ` Ralph Corderoy 2017-11-03 10:23 Noel Chiappa 2017-11-03 11:20 ` arnold 2017-11-03 13:11 ` Arthur Krewat 2017-11-03 19:26 ` Toby Thain 2017-11-03 20:54 ` Arthur Krewat 2017-11-03 0:53 Doug McIlroy 2017-11-03 1:39 ` Ken Thompson 2017-11-03 9:25 ` arnold 2017-11-02 13:46 Norman Wilson 2017-11-02 14:32 ` Chet Ramey 2017-11-02 14:42 ` Will Senn 2017-11-02 15:00 ` Michael Kjörling 2017-11-02 15:26 ` Tim Bradshaw 2017-11-02 16:48 ` Don Hopkins 2017-11-02 16:50 ` Don Hopkins 2017-11-02 16:52 ` Don Hopkins 2017-11-02 16:54 ` Don Hopkins 2017-11-02 16:56 ` Don Hopkins 2017-11-02 16:57 ` Don Hopkins 2017-11-02 17:00 ` Don Hopkins 2017-11-02 17:57 ` Don Hopkins 2017-11-02 15:25 ` Dan Cross 2017-11-02 15:52 ` Will Senn 2017-11-02 18:42 ` Ken Thompson 2017-11-02 3:46 Doug McIlroy 2017-11-02 5:53 ` George Michaelson 2017-11-01 22:17 Dave Horsfall 2017-11-01 22:32 ` Lyndon Nerenberg 2017-11-02 16:43 ` Don Hopkins 2017-11-01 23:03 ` Charles H. Sauer 2017-11-01 23:15 ` Paul Winalski 2017-11-02 0:06 ` Ralph Corderoy 2017-11-02 0:09 ` Dan Cross 2017-11-02 1:08 ` Clem cole 2017-11-02 8:18 ` arnold 2017-11-02 17:56 ` Don Hopkins 2017-11-02 18:32 ` Lars Brinkhoff 2017-11-02 20:32 ` Don Hopkins 2017-11-02 21:59 ` Don Hopkins 2017-11-02 22:27 ` Ralph Corderoy 2017-11-04 1:15 ` Dave Horsfall 2017-11-15 21:36 ` Erik E. Fair 2017-11-15 21:50 ` Don Hopkins 2017-11-15 21:54 ` Ron Natalie 2017-11-16 1:05 ` Erik E. Fair 2017-11-16 1:22 ` Will Senn 2017-11-16 1:56 ` Erik E. Fair 2017-11-16 2:41 ` Ron Natalie 2017-11-16 3:00 ` Don Hopkins 2017-11-16 7:39 ` Steve Simon 2017-11-16 15:54 ` Clem Cole 2017-11-16 15:58 ` Jon Steinhart
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).