- More porn sneaks onto the iPhone
- 'Swatting' case shows need to ban caller-ID spoofing
- Why the iPhone can't be "killed"
- Nortel enterprise chief wants to bring back Bay
- US sets final emergency responder wireless pilot
The Internet will mark an infamous anniversary on Sunday, when the Morris worm turns 20.
Considered the first major attack on the 'Net, the Morris worm served as a wake-up call to the Internet engineering community about the risk of software bugs, and it set the stage for network security to become a valid area of research and development. (Watch a slideshow of the 10 worst moments in network security history.)
"It was a really big deal," says Eric Allman, a computer programmer who in 1981 authored sendmail, open source Internet e-mail software, while he was a student at the University of California at Berkeley. Today, Allman serves as chief science officer at Sendmail, a company that sells commercial-grade versions of the software.
"The biggest implication of the Morris worm was that the Internet was very small … and it was considered a friendly place, a clubhouse," Allman says. "This [attack] made it clear that there were some people in that clubhouse who didn't have the best interests of the world in mind … This made it clear we had to think about security."
Despite the high-profile nature of the worm, some experts say its importance was not fully appreciated at the time.
"The really interesting lesson of the Morris Worm is how little long-term impact it had," says Steve Bellovin, a professor in the Department of Computer Science at Columbia University who was developing an early firewall at Bell Labs when the attack occurred. "It showed people who cared how dangerous buggy software could be, but nobody else really paid that much attention to network security afterwards. It wasn't until the mid-1990s that it became an issue again."
The Morris worm was written by Cornell University student Robert Tappan Morris, who was later convicted of computer fraud for the incident. Today, Morris is a respected associate professor of computer science at MIT. Launched around 6 p.m. on Nov. 2, 1988, the Morris worm disabled approximately 10% of all Internet-connected systems, which were estimated at more than 60,000 machines.
The Morris worm was a self-replicating program that exploited known weaknesses in common utilities including sendmail, which is e-mail routing software, and Finger, a tool that showed which users were logged on to the network.
The Leader in Network Knowledge
Comments (4)
factBy Anonymous on June 17, 2009, 4:34 pmNo! the Morris worm was made due to an mistake, the proffesor witch was working on it had as goal to gauge the size of the internett but instead created the first...
Reply | Read entire comment
Terrorists at MIT?By MikeM on November 4, 2008, 1:35 pmSo the writer of the Morris worm, the first terrorist attack on the Internet, is now an asst prof at MIT. Shades of William Ayers. Thankfully the McCain fear-mongers...
Reply | Read entire comment
Not much of an exaggerationBy Adam Gaffin on November 3, 2008, 1:38 pmIn 1989, I was a reporter at a middling Massachusetts daily newspaper. During the whole Tienanmen Square thing, our editor heard about "some computer network" students...
Reply | Read entire comment
Internet Awareness in 1988By Greg Andrew on October 31, 2008, 6:54 pmWhile it's true that the Morris worm generated the first major mainstream media coverage of the Internet, it's a wild exaggeration to say, as Steve Bellovin does,...
Reply | Read entire comment
View all comments