@mattblaze AFAIK the only group to discover Ken’s hack was us in PWB/UNIX. One of the other guys noticed C prepreprocessor had gotten bigger, looked at binary namelist, found symbol not in source code. I got onto Ken’s system, found the code, very clever.
@mattblaze A bit latet, I was in Lab 127’s terminal room, talking to dmr or bwk, and overheard amusing conversation between ken and Robert Morris Sr, who sometimes consulted for NSA.
(RM Jr of worm fame was just a kid then.)
(RM Jr of worm fame was just a kid then.)
@mattblaze They were chortling away over cleverness of exploit. Then one (must have been ken) said “think we could put this over on NSA?” (which already had UNIX systems... we did favors now and then).
More chortling, then (must have been Bob): uhh, NSA really doesn’t have sense of humor.
More chortling, then (must have been Bob): uhh, NSA really doesn’t have sense of humor.
@mattblaze PWB crew ran 1st real UNIX computer center & we were hyper-sensitive, partly because someone had called at night, told operator he was Ken Thompson & needed root password ... and got it. Turned out to be high schooler ... proving that social engineering tactics have been eternal.
@mattblaze Years later, as many BTL Directors were buying PDP11-70s for labs as general service systems, some PWB crew were asked to do security audits, given experience running biggest UNIX site. One lab was very proud of enhanced password software.
We did audit, agreed with that, BUT:
We did audit, agreed with that, BUT:
@mattblaze We told them, unfortunately:
1) Many terminals had yellow stickies with root password.
2) They’d reused unused lab space w/o adequate HVAC, room got hot, so they often left door open.
As usual, good tech helps, but human error/laziness must always be guarded against.
1) Many terminals had yellow stickies with root password.
2) They’d reused unused lab space w/o adequate HVAC, room got hot, so they often left door open.
As usual, good tech helps, but human error/laziness must always be guarded against.
@mattblaze If anyone wants some nostalgia history, here's a paper written in 1976 about PWB/UNIX computer center.
We were running ~16 concurrent users on 248KB PDP-11/45 and ~48 on 1MB 11/70 ... thankfully more 11/70s came soon after.
ics.uci.edu/~andre/ics228s…
We were running ~16 concurrent users on 248KB PDP-11/45 and ~48 on 1MB 11/70 ... thankfully more 11/70s came soon after.
ics.uci.edu/~andre/ics228s…
@mattblaze BTL Directors could spend $250K w/o much approval, enough to buy PDP 11/70, disks, tapes, run their own computer center w/o having to negotiate with regular BTL computer centers.
Same thing happened later with workstations & then PCs: user depts got impatient with central IT.
Same thing happened later with workstations & then PCs: user depts got impatient with central IT.
@mattblaze There's often been pendulum swing between centralized & distributed IT handling.
Just as happened later with workstations/PCs, BTL Directors found that running own computer center well was a pain. The main computer centers then offered to do facilities management, with good HVAC,
Just as happened later with workstations/PCs, BTL Directors found that running own computer center well was a pain. The main computer centers then offered to do facilities management, with good HVAC,
@mattblaze 24-hour operators who could run tape backups, and centralized purchasing. If a Director wanted more disk space for their system(s), they just told central IT, not have to haggle over disk allocation.
I recall centralized mainframe service bureaus of 1960s,reborrn as cloud🙂
I recall centralized mainframe service bureaus of 1960s,reborrn as cloud🙂
@mattblaze I did hear later (but couldn't verify) that NSA sometimes ran source-code mungers to change variable names to prevent such tricks, where the hack had to recognize code in login and in itself.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
