From: don@DonHopkins.com (Don Hopkins)
Subject: [TUHS] Happy birthday, Morris Worm!
Date: Thu, 2 Nov 2017 18:56:16 +0100 [thread overview]
Message-ID: <D9C7A67A-258C-4568-A4E8-E0C5859469FE@gmail.com> (raw)
In-Reply-To: <alpine.BSF.2.21.1711020915520.66513@aneurin.horsfall.org>
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 1966 bytes --]
One of the temporary condoms with a hole in it that was going around immediately after the worm hit was to emacs /usr/ucb/sendmail (or whatever directory you keep all your stinky hippie software in), ^S DEBUG ESC M-b ^D ^Q ^@ ^X ^S (that is, null out the first character of the “DEBUG” command).
Apparently some bright Sun sysadmin immediately applied that patch to the sendmail server running on sun.com <http://sun.com/>...
I needed to verify a sun.com email address on a mailing list I ran, so I went “telnet sun.com <http://sun.com/> 25” and hit return a couple times to flush out the telnet negotiation characters (the telnet client sends a few characters of telnet protocol like an “interpret as command” escape sequence like “IAC DON’T RANDOMLY-LOSE", so hitting return causes a syntax error and reads a fresh new line).
The second return I hit entered an empty line that matched the DEBUG command whose name was now the null string.
When I did “expn foo at sun.com <mailto:foo at sun.com>” it dumped out pages of debugging information!!!
So I’d accidentally put sun.com’s sendmail into debug mode by pressing return, since they'd effectively renamed the “DEBUG” command to “”, which stopped the worm, but not me!
-Don
> On 1 Nov 2017, at 23:17, Dave Horsfall <dave at horsfall.org> wrote:
>
> The infamous Morris Worm was released in 1988; making use of known vulnerabilities in Sendmail/finger/RSH (and weak passwords), it took out a metric shitload of SUN-3s and 4BSD Vaxen (the author claimed that it was accidental, but the idiot hadn't tested it on an isolated network first). A temporary "condom" was discovered by Rich Kulawiec with "mkdir /tmp/sh".
>
> --
> Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20171102/6c640e8f/attachment.html>
next prev parent reply other threads:[~2017-11-02 17:56 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-01 22:17 Dave Horsfall
2017-11-01 22:32 ` Lyndon Nerenberg
2017-11-02 16:43 ` Don Hopkins
2017-11-01 23:03 ` Charles H. Sauer
2017-11-01 23:15 ` Paul Winalski
2017-11-02 0:06 ` Ralph Corderoy
2017-11-02 0:09 ` Dan Cross
2017-11-02 1:08 ` Clem cole
2017-11-02 8:18 ` arnold
2017-11-02 17:56 ` Don Hopkins [this message]
2017-11-02 18:32 ` Lars Brinkhoff
2017-11-02 20:32 ` Don Hopkins
2017-11-02 21:59 ` Don Hopkins
2017-11-02 22:27 ` Ralph Corderoy
2017-11-04 1:15 ` Dave Horsfall
2017-11-15 21:36 ` Erik E. Fair
2017-11-15 21:50 ` Don Hopkins
2017-11-15 21:54 ` Ron Natalie
2017-11-16 1:05 ` Erik E. Fair
2017-11-16 1:22 ` Will Senn
2017-11-16 1:56 ` Erik E. Fair
2017-11-16 2:41 ` Ron Natalie
2017-11-16 3:00 ` Don Hopkins
2017-11-16 7:39 ` Steve Simon
2017-11-16 15:54 ` Clem Cole
2017-11-16 15:58 ` Jon Steinhart
2017-11-02 3:46 Doug McIlroy
2017-11-02 5:53 ` George Michaelson
2017-11-02 12:10 Noel Chiappa
2017-11-02 14:26 ` Dan Cross
2017-11-02 13:46 Norman Wilson
2017-11-02 14:32 ` Chet Ramey
2017-11-02 14:42 ` Will Senn
2017-11-02 15:00 ` Michael Kjörling
2017-11-02 15:26 ` Tim Bradshaw
2017-11-02 16:48 ` Don Hopkins
2017-11-02 16:50 ` Don Hopkins
2017-11-02 16:52 ` Don Hopkins
2017-11-02 16:54 ` Don Hopkins
2017-11-02 16:56 ` Don Hopkins
2017-11-02 16:57 ` Don Hopkins
2017-11-02 17:00 ` Don Hopkins
2017-11-02 17:57 ` Don Hopkins
2017-11-02 15:25 ` Dan Cross
2017-11-02 15:52 ` Will Senn
2017-11-02 18:42 ` Ken Thompson
2017-11-03 0:53 Doug McIlroy
2017-11-03 1:39 ` Ken Thompson
2017-11-03 9:25 ` arnold
2017-11-03 10:23 Noel Chiappa
2017-11-03 11:20 ` arnold
2017-11-03 13:11 ` Arthur Krewat
2017-11-03 19:26 ` Toby Thain
2017-11-03 20:54 ` Arthur Krewat
2017-11-16 23:24 Doug McIlroy
2017-11-16 23:35 ` Ralph Corderoy
2019-11-01 20:36 Dave Horsfall
2019-11-01 21:12 ` Dan Cross
2019-11-01 21:49 ` A. P. Garcia
2019-11-02 6:35 ` William Corcoran
2019-11-02 6:44 ` William Corcoran
2019-11-02 7:31 ` A. P. Garcia
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D9C7A67A-258C-4568-A4E8-E0C5859469FE@gmail.com \
--to=don@donhopkins.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).