
The Morris Worm at 30 - wglb
https://www.bcs.org/content-hub/the-morris-worm-at-30/
======
jpmattia
It may seem quaint now, but it cost many of us a great deal of time back then
and was a huge PITA.

My favorite vulnerability is not often mentioned: The sendmail config file
used to have a completely byzantine syntax. Consequently, there was a default
wizard password that would grant total strangers access, with the
understanding that these would be whitehat wizards breaking in to fix your
braindamaged mail configuration.

The reason for the "whitehat" assumption was really that no one had seen any
other color of hat (because why would you break in and do something malicious
wtf haven't you got anything better to do?)

Simpler times.

~~~
ASalazarMX
It fills my heart with nostalgia when I remember how decades ago experts said
"It's dangerous to open .exes someone sent you by mail. Images and data files
are fine, they don't run and can't infect your computer".

Simpler times indeed.

------
billyhoffman
This talks a good bit about how some of the default passwords the Morris Worm
checked for in 1988 are on the list of commonly used passwords in 2018. Which
is kind of sad but understandable and somewhat excusable because, well,
humans.

But it overlooks what I think is actually a way sadder and bigger issue: The
Morris Worm utilized a buffer overflow in fingerd as one of its propagation
mechanisms.

Here we are 30 years later and still dealing with code execution
vulnerabilities because of various memory mismanagement issues. [face palm]

~~~
killyp
Buffer overflows will be an issue as long as code is written in languages that
allow memory mismanagement. C, C++ and even Fortran are still here and aren't
going away any time soon so this isn't going to change anytime in the near
future.

~~~
CoolGuySteve
The reason these languages are still popular is because they're still the
fastest and consume less memory.

A better question is why doesn't x86_64 have hardware bounds checking by now?
We can already fault at the page boundary; it seems like a minor improvement
to have an instruction for malloc/sbrk to create new dynamically sized pages
that fault the same way.

Doing so would also be backwards compatible with all the existing software
that relies on malloc.

~~~
Someone
“Huge/Large/Super pages”
([https://wiki.debian.org/Hugepages](https://wiki.debian.org/Hugepages)) exist
because the typical 4kB pages have too much overhead in programs that allocate
lots of memory.

So, sizing pages down to malloc-sized blocks will impact performance, even
ignoring the fact that, to have true bounds checking, pointers will have to
carry size information, making them larger (64-bit pointers have quite a few
unused bits on typical systems, so it may be possible to hide that somewhat).

Also, if you truly want to do bounds-checking, you will have to create a
‘page’ for every element of every array (either up front or on demand), and,
if such elements have structure, for each part of the structure.

~~~
CoolGuySteve
Huge pages mainly exist to alleviate TLB pressure and page fault latency. But
that performance penalty is tiny compared to the alternative of in-program
bounds checking that we currently use.

Similarly, pointers don't necessarily need to be changed and your array
problem isn't valid. Cachelines could be marked with canaries that fault on
read/write, similar to how the NX bit currently works.

The NX bit is actually a good example of a hardware security-performance trade
off that nearly everyone agrees on. Now 20 years later, we can afford to mark
several more bits at some cache offset for a hardware bounds field.
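
The in-program bounds checking that this exchange contrasts with a hardware scheme, applied to the fixed-buffer line read that the fingerd overflow mentioned earlier abused, as an added C example (not code from this thread or from fingerd): the pointer carries its length, as Someone suggests, and every store is checked against it. The type and function names and the buffer size are constructed for illustration.

```c
/* Added example, not code from the thread or from fingerd: a pointer that
 * carries its size (a slice) and a line reader that refuses to write past it.
 * Names and buffer size are constructed for illustration. */
#include <stddef.h>
#include <string.h>

typedef struct {
    char  *base;   /* start of the backing storage */
    size_t len;    /* number of bytes the slice may touch */
} slice_t;

/* Checked store: rejects any index at or past len instead of writing there. */
static int slice_put(slice_t s, size_t i, char c)
{
    if (i >= s.len)
        return -1;           /* out of bounds: refuse, do not write */
    s.base[i] = c;
    return 0;
}

/* Copy one request line from 'src' into 's', stopping at newline and
 * NUL-terminating. Returns the number of bytes stored, or -1 when the line
 * did not fit; the buffer is still terminated so the caller can log the
 * oversized request safely. An unbounded gets()-style read into the same
 * buffer is the defect class this avoids. */
int read_line_checked(slice_t s, const char *src)
{
    size_t n = 0;
    if (s.len == 0)
        return -1;
    while (*src && *src != '\n') {
        if (slice_put(s, n, *src) != 0) {
            s.base[s.len - 1] = '\0';   /* overlong: terminate and report */
            return -1;
        }
        n++;
        src++;
    }
    if (n >= s.len) {                   /* filled exactly, no room for NUL */
        s.base[s.len - 1] = '\0';
        return -1;
    }
    s.base[n] = '\0';
    return (int)n;
}
```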

------
pseudolus
The Morris Worm had a literary inspiration in the form of John Brunner's 1975
"The Shockwave Rider", one of the earliest depictions of computer hacking [0].
A great book that still stands the test of time.

[0]
[https://en.wikipedia.org/wiki/The_Shockwave_Rider](https://en.wikipedia.org/wiki/The_Shockwave_Rider)

~~~
KineticLensman
> A great book that still stands the test of time.

Agree. I think one of the reasons is that Brunner doesn't actually precisely
describe the technology except in terms like 'the home phone service was tied
into the net'. This makes it very easy to superimpose our modern perceptions
onto a book that is now 45 years old. It's almost less jarring than the
mid-80s cyberpunk classics such as Neuromancer with its no-mobile-phones and
line-printers-in-space-stations.

~~~
danmg
Too bad we didn't get the techno-socialism modeled after Allende's Chile that
was at the end of the book.

------
tptacek
Thing I love (puckishly, I admit) pointing out: Paul Graham features in Hafner
and Markoff's telling of the RTM worm story in _Cyberpunk_ (as I recall, he's a
go-between for RTM and the reporters).

~~~
taborj
Also of note: Cliff Stoll deals with the worm in his excellent _The Cuckoo's
Egg_ book, including discussions with Robert Morris Sr (RTM's father), who was
chief scientist at the NSA at the time.

~~~
idlewords
Cliff Stoll now sells beautiful handmade Klein bottles out of his Berkeley
home (by appointment) and is a lovely guy to visit. These are, for my money,
the finest non-orientable manifolds available in the Bay Area today.

[https://www.kleinbottle.com](https://www.kleinbottle.com)

~~~
tptacek
Did you ever buy one?

~~~
idlewords
Yeah, I got a small starter bottle. The biggest one I recall seeing was this
beast, but I don't know whether it is still for sale:
[https://www.kleinbottle.com/meter_tall_klein_bottle.html](https://www.kleinbottle.com/meter_tall_klein_bottle.html)

~~~
tptacek
Neat!

I saw him give a talk once; he's an extraordinarily good speaker.

------
ohjeez
I feel so old. Thirty years? I was working in my office (actual _office with a
door_, not a cube) at Prime Computer when people began wandering the halls,
asking, "What happened to the Internet?"

Mostly, for me, it meant I couldn't access alt.music.katebush.

~~~
Angostura
I was immediately cut off from alt.religion.kibology

------
petercooper
Somehow I was reading about this the other day and what I didn't realize at
the time is that Robert Tappan Morris is one of YC's co-founders :-)

~~~
tim333
PG was quite funny talking about it
[https://www.youtube.com/watch?v=4WO5kJChg3w&feature=youtu.be...](https://www.youtube.com/watch?v=4WO5kJChg3w&feature=youtu.be&t=785)

------
hamilyon2
There should be two market indices.

One should include those few companies that are serious about zero-day
vulnerabilities and IT security in general. For example, they should be active
with bug bounties.

The other one should include the stock of the rest of the market, with the
proportion of sectors close to the first.

I wonder, which would do better?

------
gambler
_> What of the Morris Worm’s other entry method, based on weak passwords?_

Oh, but we all know that this is totally fixed by 5-factor authentication. You
just type in your password, click on an emailed link, type a pin from your
mandatory cellphone app, undergo an ECG and then send in a urine sample. And
then you're logged in. It's super easy, and if you're not using it, it's your
own damn fault. Even when the website you're using doesn't support it. Just
get over it and stop using websites not owned by Google already.

~~~
mr-ron
How did an article about worms turn into a rant about Google?

2 factor authentication is probably the best way to mitigate against automated
attacks like this worm. It's unrealistic for root OS access, but if more people
required an email or text to verify a login, there would be a lot fewer hacks
in the world.

------
scottripley
[https://github.com/arialdomartini/morris-worm](https://github.com/arialdomartini/morris-worm)

~~~
bediger4000
I think this is the decompilation that you used to be able to mail-order from
the back of 2600 Magazine in the early 90s.

There were small pieces of RTM's original code in the famed "Cornell Report",
which showed that at least this code is not RTM's original code.

Are other decompilations floating around? Did RTM's original code ever get
leaked?

------
drallison
There is always a local angle (H. Caen). Robert Morris Sr was a cryptographer,
chief scientist of the NSA, and father of Robert Tappan Morris, Jr. Robert
Tappan Morris Jr. was the creator of the Morris Worm. He is a friend of Paul
Graham and is a partner in Y Combinator.

------
bibyte
The security differences between then and now are so complex that it's just
mind-boggling.

------
insertcredit
One fact that's seldom reported is that RTM's father, Robert H. Morris Sr,
started working for the NSA in 1986, two years before RTM unleashed the worm.
Food for thought maybe?

~~~
emptyplate
Not seldom reported at all. Was actually considered a major career
embarrassment for RHMS.

Just a coincidence.

