YouTube

Got a YouTube account?

New: enable viewer-created translations and captions on your YouTube channel!

English subtitles

← 1988 Internet Worm - Software Testing

Get Embed Code
1 Language

Edit Subtitles
Download

Showing Revision 3 created 05/25/2016 by Udacity Robot.

  1. Title:
    1988 Internet Worm - Software Testing
  2. Description:

  3. 0 0:00 - 0:02
    So now let's talk about the 1988 Internet worm.
  4. 2000 0:02 - 0:04
    There are several interesting things about this Internet worm.
  5. 4000 0:04 - 0:07
    Probably the main one is that it was one of the first worms
  6. 7000 0:07 - 0:09
    that actually got widespread attention.
  7. 9000 0:09 - 0:11
    It got this attention for good reason.
  8. 11000 0:11 - 0:14
    If you remember 1988, the Internet was not particularly well known to the general public,
  9. 14000 0:14 - 0:16
    and it had a relatively small number of users.
  10. 16000 0:16 - 0:19
    And even so, this worm infected an estimated 6,000 machines.
  11. 19000 0:19 - 0:22
    And while this is a really tiny number compared to a modern worm
  12. 22000 0:22 - 0:24
    or a modern botnet or something like this,
  13. 24000 0:24 - 0:28
    this was a substantial fraction of the number of machines connected to the Internet at the time.
  14. 28000 0:28 - 0:32
    The way this worm spread is it used computers' Internet connections
  15. 32000 0:32 - 0:35
    to exploit known vulnerabilities in the UNIX hosts of the time.
  16. 35000 0:35 - 0:38
    Of course, at the time, the existence of a remotely exploitable bug
  17. 38000 0:38 - 0:41
    wasn't considered nearly as serious as it would be considered today
  18. 41000 0:41 - 0:45
    because, of course, the 1988 worm and all of the subsequent ones hadn't happened yet.
  19. 45000 0:45 - 0:48
    One of these bugs was a buffer overflow exploit in the finger daemon,
  20. 48000 0:48 - 0:50
    and this was a service that would run on UNIX machines of the time,
  21. 50000 0:50 - 0:52
    and the finger daemon would let you query a remote machine
  22. 52000 0:52 - 0:56
    to learn about whether a user was logged in to that machine and some other stuff.
  23. 56000 0:56 - 0:59
    And so now let's ask the question, would random testing have changed the outcome?
  24. 59000 0:59 - 1:03
    Well, it seems extremely likely not because these bugs were known at the time.
  25. 63000 1:03 - 1:05
    On the other hand, let's ask a little bit different question.
  26. 65000 1:05 - 1:08
    Could this bug in finger daemon and lots of other bugs like it
  27. 68000 1:08 - 1:10
    have been found by random testing?
  28. 70000 1:10 - 1:12
    And the answer to the question is probably yes.
  29. 72000 1:12 - 1:14
    In fact, if we go back to the original fuzzing paper,
  30. 74000 1:14 - 1:17
    one of the bugs that was found was caused by the same programming practice
  31. 77000 1:17 - 1:20
    that provided one of the security holes to the Internet worm.
  32. 80000 1:20 - 1:24
    So basically, even in its original fairly weak form
  33. 84000 1:24 - 1:26
    where fuzzing was done with completely random data,
  34. 86000 1:26 - 1:29
    it was finding the kind of bugs that were causing security holes.
  35. 89000 1:29 - 1:33
    This remains true to this day, but fuzzers are used to find a lot of exploitable vulnerabilities
  36. 93000 1:33 - 1:35
    in hosts that have Internet-facing services.
  37. 95000 1:35 - 1:38
    So in summary, it could have found the kind of bugs that the worm exploited
  38. 98000 1:38 - 1:41
    and others like it had people been running fuzzers a couple of years earlier.