YouTube

Got a YouTube account?

New: enable viewer-created translations and captions on your YouTube channel!

English subtitles

← 1988 Internet Worm - Software Testing

Get Embed Code
1 Language

Showing Revision 3 created 05/25/2016 by Udacity Robot.

  1. So now let's talk about the 1988 Internet worm.
  2. There are several interesting things about this Internet worm.
  3. Probably the main one is that it was one of the first worms
  4. that actually got widespread attention.
  5. It got this attention for good reason.
  6. If you remember 1988, the Internet was not particularly well known to the general public,
  7. and it had a relatively small number of users.
  8. And even so, this worm infected an estimated 6,000 machines.
  9. And while this is a really tiny number compared to a modern worm
  10. or a modern botnet or something like this,
  11. this was a substantial fraction of the number of machines connected to the Internet at the time.
  12. The way this worm spread is it used computers' Internet connections
  13. to exploit known vulnerabilities in the UNIX hosts of the time.
  14. Of course, at the time, the existence of a remotely exploitable bug
  15. wasn't considered nearly as serious as it would be considered today
  16. because, of course, the 1988 worm and all of the subsequent ones hadn't happened yet.
  17. One of these bugs was a buffer overflow exploit in the finger daemon,
  18. and this was a service that would run on UNIX machines of the time,
  19. and the finger daemon would let you query a remote machine
  20. to learn about whether a user was logged in to that machine and some other stuff.
  21. And so now let's ask the question, would random testing have changed the outcome?
  22. Well, it seems extremely likely not because these bugs were known at the time.
  23. On the other hand, let's ask a little bit different question.
  24. Could this bug in finger daemon and lots of other bugs like it
  25. have been found by random testing?
  26. And the answer to the question is probably yes.
  27. In fact, if we go back to the original fuzzing paper,
  28. one of the bugs that was found was caused by the same programming practice
  29. that provided one of the security holes to the Internet worm.
  30. So basically, even in its original fairly weak form
  31. where fuzzing was done with completely random data,
  32. it was finding the kind of bugs that were causing security holes.
  33. This remains true to this day, but fuzzers are used to find a lot of exploitable vulnerabilities
  34. in hosts that have Internet-facing services.
  35. So in summary, it could have found the kind of bugs that the worm exploited
  36. and others like it had people been running fuzzers a couple of years earlier.