From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.6 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from minnie.tuhs.org (minnie.tuhs.org [45.79.103.53]) by inbox.vuxu.org (OpenSMTPD) with ESMTP id ac697f0e for ; Fri, 1 Nov 2019 21:49:43 +0000 (UTC) Received: by minnie.tuhs.org (Postfix, from userid 112) id 118A79BFBA; Sat, 2 Nov 2019 07:49:42 +1000 (AEST) Received: from minnie.tuhs.org (localhost [127.0.0.1]) by minnie.tuhs.org (Postfix) with ESMTP id 5080193DA3; Sat, 2 Nov 2019 07:49:20 +1000 (AEST) Authentication-Results: minnie.tuhs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="ICjLwdFN"; dkim-atps=neutral Received: by minnie.tuhs.org (Postfix, from userid 112) id 98CB393DA3; Sat, 2 Nov 2019 07:49:18 +1000 (AEST) Received: from mail-ot1-f43.google.com (mail-ot1-f43.google.com [209.85.210.43]) by minnie.tuhs.org (Postfix) with ESMTPS id 07A4393D74; Sat, 2 Nov 2019 07:49:18 +1000 (AEST) Received: by mail-ot1-f43.google.com with SMTP id 53so9586541otv.4; Fri, 01 Nov 2019 14:49:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=tC5pVOlJ5az3uAGTh5vNLCRL1kWMOvr2zkXYdQik4dM=; b=ICjLwdFN5wZdnz0U5mygm0VEOTBmrZ4ha0eY8Zyk9t9wFoAeX9SuEKSy1jYmdNCi97 0RCvOiRJbfmHCfWYwwQT82Zt5vELRF8dcSEZkCm6/24weZjuq/ICbs5xbNdA1gWb6Tv9 3MtRQ+lVF6Lab85MQ4+oZ1IdIXPjqdWcmLjYsueXxmYGHHj9nfgagPTkp15QWsSPFnZo kv2s+eyi/7La3rm4uYueZE3zwA/wkU6mMyqH/7amUzpQ5zLKZQefSi5NLOMkODVjnJoo cBf0QN26qu7+WXDZzTpUptJ+1xlkZt4iyBQ6ZmMwkZDqDZg11SntHTzxuho6u7gYba1z Xb7w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=tC5pVOlJ5az3uAGTh5vNLCRL1kWMOvr2zkXYdQik4dM=; b=GglfPEqv3r9351SR9KfJGn3LRaQknZHJ9EZbqKaRU+5vhq/AhF9rNQ6DbkwtxqQnob hzuM115Lbci5SK8OmtG7M+siggSSrsk4QcwEeCGvpzclQYcPoi85For8zarWfBQaNGQZ ZnxICWP7TMEkN/qijyEgLNGY8C6b4FQNwBmgFJ9b9ZeZck4sFYa46YQuhSCSkQi/f++d MXIFFa+shP3vufqdNrfLxfKhs+x/nFVJ4AptG/KlWd/+q51FhgVbRi1+2K4HaBBBQQrc rRPnDOMgmtmK59uHIRGuU4rNdgtAMHWrApvhbieSDp2h/k3Jiu784hdzo6QQLxqgeZ0u ZSsQ== X-Gm-Message-State: APjAAAXpenpnhN/4YZNvN1uGN8ALZGf811r2jUesE1JAXM516hejJZ9v Gz6HKcRh8rCL9g5f5POiToTkC2R+A5hI7Gkn2d4= X-Google-Smtp-Source: APXvYqy8Qijd6ZWj6s9v/RlHL+D8LaJMQytXkUO34V7Cm3S5S3i5YvddKecKPn6p1nqwiksdktD/O+lN1MsfBU6dwGw= X-Received: by 2002:a9d:66d:: with SMTP id 100mr1067498otn.179.1572644957086; Fri, 01 Nov 2019 14:49:17 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: "A. P. Garcia" Date: Fri, 1 Nov 2019 17:49:05 -0400 Message-ID: To: Dave Horsfall Content-Type: multipart/alternative; boundary="0000000000000667a305964ff09f" Subject: Re: [TUHS] Happy birthday, Morris Worm! X-BeenThere: tuhs@minnie.tuhs.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: The Unix Heritage Society mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: The Eunuchs Hysterical Society , Computer Old Farts Followers Errors-To: tuhs-bounces@minnie.tuhs.org Sender: "TUHS" --0000000000000667a305964ff09f Content-Type: text/plain; charset="UTF-8" On Fri, Nov 1, 2019, 4:37 PM Dave Horsfall wrote: > The infamous Morris Worm was released in 1988; making use of known > vulnerabilities in Sendmail/finger/RSH (and weak passwords), it took out a > metric shitload of SUN-3s and 4BSD Vaxen (the author claimed that it was > accidental, but the idiot hadn't tested it on an isolated network first). > A > temporary "condom" was discovered by Rich Kulawiec with "mkdir /tmp/sh". > > Another fix was to move the C compiler elsewhere. > > -- Dave > One of my comp sci professors was a grad student at Cornell when this happened. He shared a small office with Morris and some other students. He said that he had to explain that he had absolutely nothing to do with it on quite a few occasions. Morris was caught partly because he used the Unix crypt command to encrypt his source code. The command was a computer model of the Enigma machine, and its output could be and indeed was cracked, after retrieving the encrypted code from a backup tape. It's interesting that the worm was quickly detected. The reason was that it kept infecting the same machines, and as you referred to, it contained a password cracker, which slowed those machines to a crawl because of the multiple instances running. > --0000000000000667a305964ff09f Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


On Fri, Nov 1, 2019, 4:37 PM Dave Horsfall <dave@horsfall.org> wrote:
The infamous Morris Worm was released in 1988; = making use of known
vulnerabilities in Sendmail/finger/RSH (and weak passwords), it took out a =
metric shitload of SUN-3s and 4BSD Vaxen (the author claimed that it was accidental, but the idiot hadn't tested it on an isolated network first= ). A
temporary "condom" was discovered by Rich Kulawiec with "mkd= ir /tmp/sh".

Another fix was to move the C compiler elsewhere.

-- Dave

One of my comp sci professors was a grad student at Cornell when thi= s happened. He shared a small office with Morris and some other students. H= e said that he had to explain that he had absolutely nothing to do with it = on quite a few occasions.=C2=A0

Morris was caught partly because he used the Unix crypt command t= o encrypt his source code. The command was a computer model of the Enigma m= achine, and its output could be and indeed was cracked, after retrieving th= e encrypted code from a backup tape.

It's interesting that the worm was quickly detected. The r= eason was that it kept infecting the same machines, and as you referred to,= it contained a password cracker, which slowed those machines to a crawl be= cause of the multiple instances running.
--0000000000000667a305964ff09f--