[ISN] Morris worm turns 20: Look what it's done

From: InfoSec News <alerts_at_private>
Date: Sun, 2 Nov 2008 03:36:12 -0600 (CST)

By Carolyn Duffy Marsan 
Network World 

The Internet will mark an infamous anniversary on Sunday, when the 
Morris worm turns 20.

Considered the first major attack on the 'Net, the Morris worm served as 
a wake-up call to the Internet engineering community about the risk of 
software bugs, and it set the stage for network security to become a 
valid area of research and development. (Watch a slideshow of the 10 
worst moments in network security history. [1])

"It was a really big deal," says Eric Allman, a computer programmer who 
in 1981 authored sendmail, open source Internet e-mail software, while 
he was a student at the University of California at Berkeley. Today, 
Allman serves as chief science officer at Sendmail, a company that sells 
commercial-grade versions of the software.

"The biggest implication of the Morris worm was that the Internet was 
very small … and it was considered a friendly place, a clubhouse," 
Allman says. "This [attack] made it clear that there were some people in 
that clubhouse who didn't have the best interests of the world in mind … 
This made it clear we had to think about security."

Despite the high-profile nature of the worm, some experts say its 
importance was not fully appreciated at the time.

"The really interesting lesson of the Morris Worm is how little 
long-term impact it had," says Steve Bellovin, a professor in the 
Department of Computer Science at Columbia University who was developing 
an early firewall at Bell Labs when the attack occurred. "It showed 
people who cared how dangerous buggy software could be, but nobody else 
really paid that much attention to network security afterwards. It 
wasn't until the mid-1990s that it became an issue again."

The Morris worm was written by Cornell University student Robert Tappan 
Morris, who was later convicted of computer fraud for the incident. 
Today, Morris is a respected associate professor of computer science at 
MIT. Launched around 6 p.m. on Nov. 2, 1988, the Morris worm disabled 
approximately 10% of all Internet-connected systems, which were 
estimated at more than 60,000 machines.

The Morris worm was a self-replicating program that exploited known 
weaknesses in common utilities including sendmail, which is e-mail 
routing software, and Finger, a tool that showed which users were logged 
on to the network. 

[1] http://www.networkworld.com/slideshows/2008/031108-worst-moments-in-net-security.html


Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
Received on Sun Nov 02 2008 - 01:36:12 PST

This archive was generated by hypermail 2.2.0 : Sun Nov 02 2008 - 01:39:29 PST