[ih] Security issues are not discussed in this memo [was: A revolution...]

Olivier MJ Crépin-Leblond ocl at gih.com
Fri May 15 02:27:54 PDT 2026 

Ah, the Morris Worm - we in the UK running on JANET CBS+X.25, thus *not* 
TCP-IP, saw this happen in real time until the whole TCP-IP Internet was 
shut down.

The one article that I remember as having a high impact was the report 
from Jon Rochlis and Mark Eichin from MIT - With microscope and 
tweezers: the worm from MIT's perspective, published in June 1989. (but 
it circulated around the 'net a few months before)
You can find it at: the Proceeds of the ACM - 
https://dl.acm.org/doi/10.1145/63526.63528

Kindest regards,

Olivier

On 12/05/2026 00:50, the keyboard of geoff goodfellow via 
Internet-history wrote:
> vis-a-vis the Morris worm released in November 1988:
>
> The Berkeley Hillside Club on Feb 24, 2022 had a Fireside Meeting with Eric
> Allman -- the programmer who developed sendmail "... about those early,
> heady days as electronic communication began to be an essential part of all
> of our lives. This conversation will discuss the origins of sendmail, the
> attitudes of the time, and how the Internet grew and changed over the
> years."
>
> During this Fireside Meetings Q&A yours truly asked Eric:
>
> *"Could you give some backstory about the sendmail DEBUG command that
> contributed to the Morris Internet Worm incident of 1988?"*
>
> his backstory reply is queued below at the 51:15 minute mark:
>
> https://youtu.be/j6h-jCxtSDA?si=EepWGNh4Yv5ckv1l&t=3075
>
> g
>
> On Mon, May 11, 2026 at 2:10 PM Greg Skinner via Internet-history <
> internet-history at elists.isoc.org> wrote:
>
>> On May 10, 2026, at 9:31 PM, Brian E Carpenter <
>> brian.e.carpenter at gmail.com> wrote:
>>> On 11-May-26 12:09, Greg Skinner via Internet-history wrote:
>>> ...
>>>> I’m not sure what Andrew Sullivan meant by “give away.” IMO, the USG
>> had a much more liberal attitude towards 1970s and 1980s Internet
>> technology, as well as the Internet itself, than it did towards
>> cryptographic technology at that time.  The history of PGP< https://en.wikipedia.org/wiki/Pretty_Good_Privacy> provides an example of
>> this.  If the Internet and/or Internet technology had been subject to
>> tighter access and export controls, neither might have (as easily) become
>> what they are today.  (I realize there is a lot more to this, and would
>> welcome others who have much more experience than I do in this area to
>> comment.)
>>> When did people start to think seriously about security (which is much
>> more than cryptography, of course)?
>>> It was RFC 1311 (March 1992) that introduced the infamous phrase
>> "Security issues are not discussed in this memo" which was used quite
>> liberally for a long time. "Security Considerations" sections in RFCs seem
>> have become normal around 1989, but most of them were very weak for many
>> years. (At CERN, we saw elementary attacks from about 1986, mainly via
>> DECNET, and we first appointed a network security person in about 1988.)
>>> Of course, by the time the PGP mess came along, it was clear that NSA
>> and its friends were taking a lot of interest in the Internet, and we poked
>> the hornet's nest in the mid-1990s with RFC 1984. But DARPA funding was
>> gone by then.
>>> Regards/Ngā mihi
>>>    Brian Carpenter
>>  From what I remember, there were various mailing lists and newsgroups
>> dating back (at least) to the 1980s where security issues were discussed.
>> One list, the RISKS digest, is maintained by Peter Neumann< https://en.wikipedia.org/wiki/Peter_G._Neumann>, who was mentioned
>> earlier in this thread.
>>
>> When the Morris worm was released in November 1988, it sparked a lot of
>> discussion on many lists, such as the RISKS digest. [1] [2] Eventually, RFC
>> 1135 was written about it. [3] IMO, that incident raised consciousness
>> about security among IETF people, implementors of network protocols and
>> services, etc.
>>
>> [1]https://en.wikipedia.org/wiki/Morris_worm
>> [2]https://catless.ncl.ac.uk/risks/7/69
>> [3]https://www.rfc-editor.org/rfc/rfc1135
>>
>> --gregbo
>>
>>
>> --
>> Internet-history mailing list
>> Internet-history at elists.isoc.org
>> https://elists.isoc.org/mailman/listinfo/internet-history
>> -
>> Unsubscribe:
>> https://app.smartsheet.com/b/form/9b6ef0621638436ab0a9b23cb0668b0b?The%20list%20to%20be%20unsubscribed%20from=Internet-history
>>
>>

More information about the Internet-history mailing list