Please create an account to participate in the Slashdot moderation system


Forgot your password?

Comment From Comp.Risks 7.73 What really happend (Score 3, Interesting) 51

Date: Tue, 8 Nov 88 21:40:00 PST
From: (the tty of Geoff Goodfellow)
Subject: NYT/Markoff: The Computer Jam -- How it came about

c.1988 N.Y. Times News Service, 8-Nov-88

      Computer scientists who have studied the rogue program that crashed through
many of the nation's computer networks last week say the invader actually
represents a new type of helpful software designed for computer networks.
      The same class of software could be used to harness computers spread aroun
the world and put them to work simultaneously.
      It could also diagnose malfunctions in a network, execute large computations
on many machines at once and act as a speedy messenger.
      But it is this same capability that caused thousands of computers in
universities, military installations and corporate research centers to stall
and shut down the Defense Department's Arpanet system when an illicit version
of the program began interacting in an unexpected way.
      ``It is a very powerful tool for solving problems,'' said John F. Shoch, a
computer expert who has studied the programs. ``Like most tools it can be
misued, and I think we have an example here of someone who misused and abused
the tool.''
      The program, written as a ``clever hack'' by Robert Tappan Morris, a
23-year-old Cornell University computer science graduate student, was
originally meant to be harmless. It was supposed to copy itself from computer
to computer via Arpanet and merely hide itself in the computers. The purpose?
Simply to prove that it could be done.
      But by a quirk, the program instead reproduced itself so frequently that the
computers on the network quickly became jammed.
      Interviews with computer scientists who studied the network shutdown and
with friends of Morris have disclosed the manner in which the events unfolded.
      The program was introduced last Wednesday evening at a computer in the
artificial intelligence laboratory at the Massachusetts Institute of
Technology. Morris was seated at his terminal at Cornell in Ithaca, N.Y., but
he signed onto the machine at MIT. Both his terminal and the MIT machine were
attached to Arpanet, a computer network that connects research centers,
universities and military bases.
      Using a feature of Arpanet, called Sendmail, to exchange messages among
computer users, he inserted his rogue program. It immediately exploited a
loophole in Sendmail at several computers on Arpanet.
      Typically, Sendmail is used to transfer electronic messages from machine to
machine throughout the network, placing the messages in personal files.
      However, the programmer who originally wrote Sendmail three years ago had
left a secret ``backdoor'' in the program to make it easier for his work. It
permitted any program written in the computer language known as C to be mailed
like any other message.
      So instead of a program being sent only to someone's personal files, it
could also be sent to a computer's internal control programs, which would start
the new program. Only a small group of computer experts _ among them Morris _
knew of the backdoor.
      As they dissected Morris's program later, computer experts found that it
elegantly exploited the Sendmail backdoor in several ways, copying itself from
computer to computer and tapping two additional security provisions to enter
new computers.
      The invader first began its journey as a program written in the C language.
But it also included two ``object'' or ``binary'' files -- programs that could
be run directly on Sun Microsystems machines or Digital Equipment VAX computers
without any additional translation, making it even easier to infect a computer.
      One of these binary files had the capability of guessing the passwords of
users on the newly infected computer. This permits wider dispersion of the
rogue program.
      To guess the password, the program first read the list of users on the
target computer and then systematically tried using their names, permutations
of their names or a list of commonly used passwords. When successful in
guessing one, the program then signed on to the computer and used the
privileges involved to gain access to additonal computers in the Arpanet
      Morris's program was also written to exploit another loophole. A program on
Arpanet called Finger lets users on a remote computer know the last time that a
user on another network machine had signed on. Because of a bug, or error, in
Finger, Morris was able to use the program as a crowbar to further pry his way
through computer security.
      The defect in Finger, which was widely known, gives a user access to a
computer's central control programs if an excessively long message is sent to
Finger. So by sending such a message, Morris's program gained access to these
control programs, thus allowing the further spread of the rogue.
      The rogue program did other things as well. For example, each copy
frequently signaled its location back through the network to a computer at the
University of California at Berkeley. A friend of Morris said that this was
intended to fool computer researchers into thinking that the rogue had
originated at Berkeley.
      The program contained another signaling mechanism that became its Achilles'
heel and led to its discovery. It would signal a new computer to learn whether
it had been invaded. If not, the program would copy itself into that computer.
      But Morris reasoned that another expert could defeat his program by sending
the correct answering signal back to the rogue. To parry this, Morris
programmed his invader so that once every 10 times it sent the query signal it
would copy itself into the new machine regardless of the answer.
      The choice of 1 in 10 proved disastrous because it was far too frequent. It
should have been one in 1,000 or even one in 10,000 for the invader to escape
      But because the speed of communications on Arpanet is so fast, Morris's
illicit program echoed back and forth through the network in minutes, copying
and recopying itself hundreds or thousands of times on each machine, eventually
stalling the computers and then jamming the entire network.
      After introducing his program Wednesday night, Morris left his terminal for
an hour. When he returned, the nationwide jamming of Arpanet was well under
way, and he could immediately see the chaos he had started. Within a few hours,
it was clear to computer system managers that something was seriously wrong
with Arpanet.
      By Thursday morning, many knew what had happened, were busy ridding their
systems of the invader and were warning colleagues to unhook from the network.
They were also modifying Sendmail and making other changes to their internal
software to thwart another invader.
      The software invader did not threaten all computers in the network. It was
aimed only at the Sun and Digital Equipment computers running a version of the
Unix operating system written at the University of California at Berkeley.
Other Arpanet computers using different operating systems escaped.
      These rogue programs have in the past been referred to as worms or, when
they are malicious, viruses. Computer science folklore has it that the first
worms written were deployed on the Arpanet in the early 1970s.
      Researchers tell of a worm called ``creeper,'' whose sole purpose was to
copy itself from machine to machine, much the way Morris's program did last
week. When it reached each new computer it would display the message: ``I'm the
creeper. Catch me if you can!''
      As legend has it, a second programmer wrote another worm program that was
designed to crawl through the Arpanet, killing creepers.
      Several years later, computer researchers at the Xerox Corp.'s Palo Alto
Research Center developed more advanced worm programs. Shoch and Jon Hupp
developed ``town crier'' worm programs that acted as messengers and
``diagnostic'' worms that patrolled the network looking for malfunctioning
      They even described a ``vampire'' worm program. It was designed to run very
complex programs late at night while the computer's human users slept. When the
humans returned in the morning, the vampire program would go to sleep, waiting
to return to work the next evening.

            [Please keep any responses short and to the point. PGN]

Comment Re:Who elected this guy to speak for Silicon Valle (Score 1) 299

A few points.

1) It was written 15 years ago. Since then we've had 9/11, the Patriot Act, Wikileaks and the NSA invasion of privacy just to mention a few interesting events. So many actors have changed their stripes (Google seems to be a prime example) since this was written. Yet his points are still relevant! If we had paid attention to Dr. Rodgers points then maybe we wouldn't be in the mess we are today.
2) It IS a valley idiot. I stand outside and see two mountain ranges, one on either side... a valley!
3) Since the 1960s this place has been the center of the Semiconductor industry. In the last decade the place has lost most of its manufacturing. Yet calling Silicon Valley 15 years ago was an accurate portrayal.

Comment Re:Makes sense (Score 1) 414

I believe you are in the wrong place - this is NOT the Microsoft lover's website, but rather the Microsoft Haters website. You must have entered a wrong door some place? Please exit immediately before serious flame damage occurs.

Also note that the tiled interface on Windows 8 is the perfect explanation as to WHY a merging of a desktop and phone environment is stupid. Phones have enough screen room for 1 application, while desktops have screen room for multiple windows. Going to a single window model for desktops is STUPID. Microsoft had an "epic fail" with the Windows 8 tiled interface on the desktop. For that matter it is pretty much an epic fail in the phone marketplace too for the simple fact that it blows chunks!

Whoops - see - you weren't quick enough to avoid flame damage!

Comment Does Musk has egg on his face now? (Score -1, Flamebait) 388

Seems to me that Elon Musk may have some egg on his face since he so boldly offered to help out Boeing redesign their battery system on the 787 not to long ago. It seems that Tesla's Li-ion batteries are just as likely to catch on fire! Now - admittedly it took a head-on collision to do that while the Boeing aircraft was just sitting there, but it seems that the Tesla has the same Achilles heal!

Comment Re:Shame on MoS (Score 1) 201

I think this very much depends on where the trial happens, UK or US. IANAL - but my understanding of US copyright law - you generally can't copyright lists of things like facts. For instance - from a lawsuit a very long time ago - you can't copyright the information in a phone book. So - if you can get away with the argument that a compilation is merely a list of songs - that is a winning argument for Spotify. I have no idea what the take on this is in the UK - so your mileage may vary considerably.

Comment Re:someone's gotta start the show (Score 5, Insightful) 175

Being a 30+year observer/survivor of Silicon Valley (and having gone through 3 start-ups) I have to ask - how is this any worse than now that it was during the Dot Com silliness?

For every roughly 10 companies started in the valley - 9 fail. Nothing new about that! It was that way before I got here!

New ideas are vital to the success of the place. Often they are bone-headed ideas? (How do you make money by giving things away for free - the common denominator in the Dot-Com era - as an example!) Others are obvious business models - Gee I think I'll build an on-line auction site (Ebay!) All have been tried - some failed and some soared.

Point is - this is just the normal rough-and-tumbel of Silicon Valley. The author needs to get over himself!

Comment Borland/Seagate were in Scotts Valley! (Score 4, Informative) 117

" Plantronics, Borland Software, SCO, Seagate Technologies, and Netflix"

Of these - Borland & Seagate were both located in Scotts Valley NOT Santa Cruz (the city). Scotts Valley is in Santa Cruz County but those are two entirely different entities/locations. Looking at the Netflix website - their Corp HQ is now in Los Gatos on the right side of the Hwy 17 hump!

Comment Re:This is more sensationalism than any real threa (Score 4, Insightful) 189

What is even more ridiculous is the 40% number. Come ON! What about Agriculture. In CA something like 90% or our H2O usage goes to growing things. The power generation is tiny. Then there is the little detail that many of our power plants use ocean water!

I'm calling BS on that number.

Comment Re:on an old LGP-30 my high school got donated (Score 1) 623

And that is ANOTHER bit of my history. Singer-Librascope was headquartered in my hometown of Glendale, CA. I got a summer internship there in 1978, well after the LGP30 days. At that point, Singer-Librascope was entirely devoted to building systems for various military programs. I worked in the R&D lab and picked up a huge amount of experience in a short 3 months. Got to work riding 10 blocks down the hill from home on my moped! To tie this post back into the thread - I got to do some Motorola 6800 programming. Met my first Exorciser development system in the process.

Librascope was going to bid on a device that was to be a submarine released aerial land-mine. They were bidding on delivering the canister that would hold the small missile. They needed to gather data on the characteristics of the canister as it floated up to the surface from the submarine. They wanted to graph depth versus time as the canister rose to the top. Initially we looked at different chart recorders. They were to big/bulky/expensive. Eventually they decided to do a custom 6800 chassis based on what I think was the Exorbus at the time (later to evolve into the VME bus during the 68K era). They plugged a 6800 board from Mot in the chassis along with a pressure transducer board and 32k of RAM. They put a set of switches on the box so the software could read about what it should be doing, and a large battery. The whole assembly fit into the cannister tube. They would pull it down several hundred feet in a lake they had access to and let it float to the top.

When they got it to the top, a program I wrote would play the pressure readings stored in memory out to the cassette port. They would record this onto a cassette for later data reduction. It was a real neat 1 off development effort done in a couple weeks. Lots of fun!

Slashdot Top Deals

Those who can't write, write manuals.