2 Nov
2019
2 Nov
'19
3:49 a.m.
On Fri, Nov 1, 2019, 4:37 PM Dave Horsfall <dave(a)horsfall.org> wrote:
The infamous Morris Worm was released in 1988; making
use of known
vulnerabilities in Sendmail/finger/RSH (and weak passwords), it took out a
metric shitload of SUN-3s and 4BSD Vaxen (the author claimed that it was
accidental, but the idiot hadn't tested it on an isolated network first).
A
temporary "condom" was discovered by Rich Kulawiec with "mkdir
/tmp/sh".
Another fix was to move the C compiler elsewhere.
-- Dave
One of my comp sci professors was a grad student at Cornell when this
happened. He shared a small office with Morris and some other students. He
said that he had to explain that he had absolutely nothing to do with it on
quite a few occasions.
Morris was caught partly because he used the Unix crypt command to encrypt
his source code. The command was a computer model of the Enigma machine,
and its output could be and indeed was cracked, after retrieving the
encrypted code from a backup tape.
It's interesting that the worm was quickly detected. The reason was that it
kept infecting the same machines, and as you referred to, it contained a
password cracker, which slowed those machines to a crawl because of the
multiple instances running.