ROBERT TAPPAN MORRIS
Robert Tappan Morris
The worm :
Morris created the worm while he was a graduate student at Cornell University. The original intent, according to him, was to gauge the size of the Internet.
He released the worm from the Massachusetts Institute of Technology (MIT) to conceal the fact that it actually originated from Cornell. Unknown to Morris, the worm had a design flaw. The worm was programmed to check each computer it found to determine if the infection was already present.
However, Morris believed that some administrators might try to defeat his worm by instructing the computer to report a false positive. To compensate for this possibility, Morris directed the worm to copy itself anyway, fourteen percent of the time, no matter the response to the infection-status interrogation.
This level of replication proved excessive and the worm spread rapidly, infecting several thousand computers. It was estimated that the cost of repair for the damage caused by the worm at each system ranged from $200 to more than $53,000.
The worm exploited several vulnerabilities to gain entry to targeted systems, including:
a hole in the debug mode of the Unix sendmail program,
a buffer overrun hole in the fingerd network service,
the transitive trust enabled by people setting up rexec/rsh network logins without password requirements...
Biography :
1987 - Received his A.B. from Harvard.
1988 - Released the Morris worm (when he was a graduate student at Cornell).
1989 - Indicted under the Computer Fraud and Abuse Act of 1986 on July 26, 1989 - the first person to be indicted under this Act.
1990 - Convicted and sentenced to three years of probation, 400 hours of community service, a fine of $10,050 and the cost of his supervision.
1995 - Founded Viaweb, a start-up company that made software for building online stores - with Paul Graham.
1998 - Viaweb sold to Yahoo, who renamed it software Yahoo! Store.
1999 - Received Ph.D. in Applied Sciences from Harvard.
1999 - Appointed as a professor at MIT.
2005 - Founded Y Combinator, a venture capital firm - with Paul Graham.
2006 - Awarded tenure.
2006 - Technical advisor for Meraki Networks.
His principal research interest is computer network architectures which includes work on distributed hash tables such as Chord and wireless mesh networks such as Roofnet.
Morris is a longtime friend of Paul Graham (Graham dedicated his book ANSI Common Lisp to him) and Graham named the programming language that generates the online stores' web pages RTML in his honor.
source : http://hiddencomputer.blogspot.com/2008/04/robert-tappan-morris.html Leia Mais…
Adrian Lamo
Personal :
Lamo was born in Boston, Massachusetts to Mario Lamo and Mary Lamo-Atwood. He spent his early childhood in Arlington, VA, until moving to Bogot?, Colombia around the age of 10. When his family moved back to the United States two years later, they settled in San Francisco, where Adrian lived until he tested out of High School a year early.
Dubbed the "homeless hacker" for his transient lifestyle, Lamo spent most of his travels couch-surfing, squatting in abandoned buildings and travelling to Internet cafes, libraries and universities to investigate networks, and sometimes exploit security holes. Despite performing authorized and unauthorized vulnerability assessment for several large, high-profile entities, Lamo refused to accept payment for his services. In the past, his lifestyle allowed him to travel up and down the coasts of the United States, often by bus, carrying all necessary possessions in a backpack.
Professional :
Since Lamo's sentencing, he has entered the early stages of a career as an award-winning journalist, studying at American River College, with writing, photography, and editorial work / collaboration appearing in Network World, Mobile Magazine, 2600 Magazine, The American River Current, XY Magazine, and others.
Lamo has interviewed personalities ranging from John Ashcroft, to Oliver Stone to alleged members of the Earth Liberation Front. Lamo also has a history of public speaking - he was a keynote speaker at a government security conference in 2005 alongside Bruce Schneier, and a panelist at the Information Security In the Age of Terrorism conference.
Lamo has shown signs of increased cooperation with media since his release from federal custody, including a podcast interview with Patrick Gray in Australia, and an April 2007 segment on 88.1 WMBR out of Cambridge.
Activities and techniques :
Adrian Lamo is perhaps best known for breaking into The New York Times internal computer network in February 2002, adding his name to confidential databases of expert sources, and using the paper's LexisNexis account to conduct research on high-profile subjects, although his first published activities involved operating AOL watchdog site Inside-AOL.com. The Times filed a complaint and a warrant for Lamo's arrest was issued in August 2003 following a 15 month investigation by federal prosecutors in New York.
At 10:15 AM on September 9, after spending a few days in hiding, he surrendered to the US Marshals in Sacramento, California. He re-surrendered to the FBI in New York City on September 11, and pleaded guilty to one count of computer crimes against Microsoft, Lexis-Nexis and The New York Times on January 8, 2004.
Later in 2004, Lamo was sentenced to six months' detention at his parents' home plus two years probation, and was ordered to pay roughly $65,000 in restitution. He was convicted of compromising security at The New York Times and Microsoft, and is alleged to have admitted to exploiting security weaknesses at Excite@Home, Yahoo!, Microsoft, MCI WorldCom, Ameritech, Cingular and has allegedly violated network security at AOL Time Warner, Bank of America, Citigroup, McDonald's and Sun Microsystems.
Companies sometimes use proxies to allow their employees access to the internet, without giving the internet access to their internal network. However, when these proxies are improperly configured, they can allow access to the company's internal network. Lamo often exploited this, sometimes using a tool called ProxyHunter.
Critics have repeatedly labelled Lamo as a publicity seeker or common criminal, claims that he has refused to publicly refute. When challenged for a response to allegations that he was glamorizing crime for the sake of publicity, his response was "Anything I could say about my person or my actions would only cheapen what they have to say for themselves." When approached for comment during his criminal case, Lamo would frequently frustrate reporters with non sequiturs such as "Faith manages" and "It was a beautiful day."
At his sentencing, Lamo expressed remorse for harm he had caused through his intrusions, with the court record quoting him as adding "I want to answer for what I have done and do better with my life."
As of January 16, 2007, Lamo's probation was terminated, ending a three-year period during which the U.S. District Court's ruling prevented him from exercising certain freedoms, including the ability to employ any privacy protection software, travel outside certain established boundaries, or socialize with security researchers.
DNA controversy :
On May 9, 2006, while 18 months into a two year probation sentence, Adrian Lamo refused to give the United States government a blood sample they demanded so as to record his DNA in their CODIS system. According to his attorney, Adrian Lamo has a religious objection to giving blood, but is willing to give his DNA in another form. "He went in there with fingernail clippings and hair, and they refused to accept it, because they will only accept blood," said federal public defender Mary French.
On June 15, 2007, lawyers for Lamo filed another motion citing the Book of Genesis as one basis for Lamo's religious opposition to the frivolous spilling of blood: "The Book of Genesis leaves unambiguous this matter. Therein, those who would spill the blood of man are rebuked as follows: 'Whoever sheds the blood of man, by man shall his blood be shed; for in the image of God has God made man.' Genesis 9:6 (New International Version)."
Lamo continued: "Under this admonition, not only would I be blinding myself to the direct instructions of scripture by shedding blood, but I would similarly be casting whomever facilitated this act into sin, multiplying my culpability," setting the basis for defense counsel Mary French to urge US District Court Judge Frank Damrell to exempt Lamo from the sampling entirely, or to order his probation officer to accept some other biological product in lieu of blood, as previously offered by Lamo.
On June 21, 2007, it was reported that Lamo's legal counsel had reached a settlement agreement with the U.S. Department of Justice granting Lamo's original request. According to Kevin Poulsen's blog, "On Wednesday, the Justice Department formally settled the case, filing a joint stipulation along with Lamo's federal public defender dropping the demand for blood, and accepting cheek swabs instead." Reached for comment, Lamo reportedly affirmed to Poulsen his intention to "comply vigorously" with the order.
Can You Hack It?
source : http://hiddencomputer.blogspot.com/2008/04/adrian-lamo-born-1981-is-infamous.html Leia Mais…
Subscribe to:
Comments (Atom)
