2 Nov
2017
2 Nov
'17
9:18 a.m.
Dave Horsfall <dave(a)horsfall.org> wrote:
The infamous Morris Worm was released in 1988; making
use of known
vulnerabilities in Sendmail/finger/RSH (and weak passwords), it took out a
metric shitload of SUN-3s and 4BSD Vaxen (the author claimed that it was
accidental, but the idiot hadn't tested it on an isolated network first).
A temporary "condom" was discovered by Rich Kulawiec with "mkdir
/tmp/sh".
--
Dave Horsfall DTM (VK2KFU) "Those who don't understand security will
suffer."
I was a sysadmin at the time at Emory U's computing center. We were very
fortunate to have the worm bypass us, since we were running a sendmail.cf
file that I had written (from scratch!) instead of the standard one.
(It was written using Ease, a preprocessor for sendmail.cf files. It
took me a long time to write and test. I have, fortunately, literally,
forgotten more about sendmail than most people ever know. :-)
Anyway, I came in that Monday morning to business as usual, only to
hear about the chaos happening in the rest of the Unix world. :-)
I am sure, now, that I totally didn't understand then how really
lucky we were.
Arnold