Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

more on "Rumplestiltskin worm" on the loose?

From: David Farber <dave () farber net>
Date: Sun, 8 May 2005 09:05:51 -0400


Begin forwarded message:

From: Brett Glass <brett () lariat org>
Date: May 7, 2005 9:05:57 PM EDT
To: Lauren Weinstein <lauren () vortex com>
Cc: Lauren Weinstein <lauren () vortex com>, dave () farber net
Subject: Re: [IP] "Rumplestiltskin worm" on the loose?


At 06:41 PM 5/7/2005, Lauren Weinstein wrote:



Most of this stuff would have been done differently if we had
realized at the time that so much of it was going to end up
used by the masses in the manner it is today, that's for sure.



That was one thing I kept harping on in graduate school. The
moment HP, Sun, and other Silicon Valley companies got on the
ARPANet, I was asking people, "What about Aunt Tillie?" I was
on The WELL when it was allowed to hook up to the Net via UC
Berkeley over a horrendously expensive "experimental" X.25
link (which was mostly used for Netnews). I saw the rest as
inevitable.

I remember when I discovered that anyone could log into the
unsecured terminal servers at most universities -- with no
password -- and establish TCP sessions with machines on the
ARPAnet. I had written a terminal emulator with sophisticated
scripting capabilities, and one weekend coded an SMTP client
in the scripting language. I think I still have the code on
one of my old MS-DOS machines. With it, I could inject e-mail
into the ARPAnet just by calling any of several local
numbers at Stanford. (If I wanted to go farther afield, I also
could have called UC Davis or UC Berkeley.) I happened to be
authorized to use Stanford's network because I was a grad
student at the time, but what I was doing was a demonstration
of how easy it would be to "abuse" the ability to make
connections on Port 25. Yes, I could have spammed the entire
ARPAnet right then and there.

I mentioned my little experiment to Russell Brand, who was aghast.
He knew the potential of what I was doing and was justifiably
worried that others would find out. I told him, "Russell,
people ARE going to find out about this, and I don't need to
be the one to tell them."

Now they have.

--Brett



-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: