SoylentNews

canopic jug [soylentnews.org] writes:

Last week, Professor Eugene "spaf" Spafford [purdue.edu] published an article, Reflecting on the Internet Worm at 35 [purdue.edu], on the Morris Internet worm which hit the net back on November 2, 1988 back when there were likely fewer than 100k systems connected to the Internet, though maybe even as few as 60k. Some estimates suggest that around 1 out of 10 of those systems were infected, due to several holes in the target systems. Those which were infected ground to a halt due to a mistake in the worm itself.

Nonetheless, the event and its aftermath were profound for those who lived through it. No major security incident had ever occurred on such a scale before. The Worm was the top news story in international media for days. The events retold in Cliff Stoll's Cuckoo's Egg [wikipedia.org] were only a few years earlier but had affected far fewer systems. However, that tale of computer espionage heightened concern by authorities in the days following the Worm's deployment regarding its origin and purpose. It seeded significant changes in law enforcement, defense funding and planning, and how we all looked at interconnectivity. In the following years, malware (and especially non-virus malware) became an increasing problem, from Code Red [wikipedia.org] and Nimda [wikipedia.org] to today's botnets and ransomware. All of that eventually led to a boom in add-on security measures, resulting in what is now a multi-billion dollar cybersecurity industry.

[...] The Worm provided us with an object lesson about many issues that, unfortunately, were not heeded in full to this day. That multi-billion dollar cybersecurity industry is still failing to protect far too many of our systems. Among those lessons: [...]

Via Bruce Schnieir's blog [schneier.com].

Original Submission