TANENBAUM: 9 SECURITY (FOR THE LITTLE FUR FAMILY)
THE LITTLE FUR SONG
ROBERT TAPPAN MORRIS
  First person (in 1990) sentenced for spreading malware
  11/2/1988 Cornell graduate student released into (then) Internet
  Virus: A program fragment that attaches to a legitimate program with the intention of infecting other programs
  Worm: Self-replicating program that burrows into systems via networks
MORRIS AND HIS IRONIES
  The Ironies
  Irony 1:
    Annual meeting of Usenix opened at Berkeley
    By evening participants had distributed fixes
  Irony 2: The worm exploited weak passwords
    Morris’s father and Ken Thompson wrote a classic paper on passwords
    86% of all passwords were first names, last names, words spelled backwards, and other easy-to-guess stuff
COMPUTER SECURITY REDUCES TO
  1. Developing a model of security
       Who has access to what and what kind of access?
  2. Reducing vulnerabilities
       Fixing them as they occur
       Reducing the size of the trusted security base
  3. Protecting Access: Password Protection
  4. Protecting Files: Encryption
MORRIS WORM EXPLOITED TRUST
  Overview of the Morris Worm
  Propagation Via the Finger Daemon
  How the Morris Worm Guessed Passwords
  Spreading Via rexec and rsh
PASSWORDS IN UNIX
  /etc/passwd holds user info
  /etc/shadow holds hashed password
  Salt Demystified
  Creating a hashed and salted password in Python:

      import crypt  # Unix-only standard-library module; removed in Python 3.13
      # General form: crypt.crypt(password, salt)
      print(crypt.crypt('burningbright01', 'aa'))

  Where salt is a two-character element of [a-zA-Z0-9]
  To see your shadow password:

      sudo grep tyger /etc/shadow   # reading /etc/shadow requires root

  Irony 3: The original crypt() was written by Morris the Elder and Ken Thompson
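What the salt buys you, as an added example that is not from the slides: two accounts with the same password get different stored fields, and a login check re-hashes the candidate with the stored salt. It swaps the DES-based crypt() for PBKDF2-HMAC-SHA256 from hashlib, because the crypt module was removed in Python 3.13; the `$scheme$iterations$salt$hash` layout, the scheme label and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SCHEME = "pbkdf2-sha256"   # label invented for this example, not a crypt(3) id
ITERATIONS = 200_000       # assumed work factor for the example


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a shadow-style field: $scheme$iterations$salt$hash."""
    if salt is None:
        salt = os.urandom(16)          # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"${SCHEME}${ITERATIONS}${_b64(salt)}${_b64(digest)}"


def verify_password(password: str, stored: str) -> bool:
    """Re-hash the candidate with the stored salt; compare in constant time."""
    try:
        _, scheme, iterations, salt_b64, digest_b64 = stored.split("$")
        if scheme != SCHEME:
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, int(iterations))
    except ValueError:                 # malformed or locked field such as "!" or "*"
        return False
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample: two accounts that chose the same password.
    a = hash_password("burningbright01")
    b = hash_password("burningbright01")
    print(a)
    print(b)
    print("fields differ:", a != b)
    print("correct password accepted:", verify_password("burningbright01", a))
    print("wrong password rejected:", not verify_password("tyger", a))
```

Because each field carries its own salt, a guess has to be hashed once per account, so one precomputed dictionary of hashes no longer matches every user at once.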