[govsec] Morris Worm and a Change in Direction
Robert G. Ferrell
rgferrell at direcway.com
Fri Nov 5 11:39:30 EST 2004
It's been over 6 months since I posted to GovSec;
many of you probably forgot you were even subscribed.
I originally founded this list with the hope of fostering
meaningful discussion concerning the unique issues
facing those entrusted with securing information
systems in the public sector. Such dialogue has, unfortunately,
largely failed to materialize, for whatever reason, so
I've decided to change my tack a bit. I'm going to
use this list to post items of interest to the
government infosec community, about which you are,
of course, free to comment. I expect it will still be a very
low volume list, but hopefully what little traffic you
do receive will be of more use and interest.
****************************************
As most of you are no doubt already aware, Wednesday was the
16th anniversary of the release of the Morris worm. I expect
many of us can remember exactly where we were and what we
were doing when it hit--I was working in a medical research
lab at a university in Texas.
Worms have become commonplace in this day and age, but I wonder
if people who have entered the infosec field since that
November day in 1988 really understand what fundamental
changes took place in the collective attitudes of those using
the Internet. Security was a personal affair back then--
true anonymity was rare, and there simply weren't enough nodes
to rely on some convoluted path for obscurity. The bang path
of your email messages was pretty much a roadmap back to
you, for example--a sort of electronic manifestation of what
biologists call the principle of "ontogeny recapitulating
phylogeny."
Security since those days has morphed into a multi-billion dollar
industry and a major employer within the IT field, but I can't
help but be curious how many of the newly-certificated experts
out there understand the fundamental history of their
chosen vocation. One very important aspect of being a professional
soldier is a thorough knowledge of military history. Every
general who has come before you has contributed to the common
pool of knowledge in the art and science of warfare. If you
aren't intimately familiar with their success and failures,
you doom yourself, needlessly, to making their same mistakes.
Today is a good day to take it upon yourselves to study the
brief but rich history of infosec, and thereby to learn the
lessons of the past--so that they won't become the all too
familiar news stories of the future.
Cheers,
RGF
More information about the govsec
mailing list